Re: EEye RPC Scanning Tool

From: Marc Maiffret (marc_at_EEYE.COM)
Date: 09/12/03

  • Next message: Marc Maiffret: "Re: Alert: Microsoft Security Bulletin - MS03-039" 
    Date:         Thu, 11 Sep 2003 15:58:31 -0700
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    The free scanner can only use Port 135 to scan for the vulnerable systems.
    The option to change the port is just something built into the open
    framework of the free scanner tools. But again to clarify it only scans over
    port 135(tcp). That is what you should be basing your scans on.

    Signed,
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

    | -----Original Message-----
    | From: Windows NTBugtraq Mailing List
    | [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM]On Behalf Of Gavin Haslett
    | Sent: Thursday, September 11, 2003 8:26 AM
    | To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    | Subject: EEye RPC Scanning Tool
    |
    |
    | I downloaded it and took a look at it. Does it only check the
    | ports involved with this vulnerability? I ran it against port
    | 135 for a local server VLAN and returned the names of the
    | unpatched servers. I ran it against port 137, 138, and 139; and
    | did not find any vulnerability. Is this a limitation of the
    | tool, a case of these ports not actually being vulnerable, or am
    | I missing something? 

    ----
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available.  And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to
http://www.trusecure.com/offer/s0100/
----
  • Next message: Marc Maiffret: "Re: Alert: Microsoft Security Bulletin - MS03-039"

    Relevant Pages

    • Crackers Targeting Web JetAdmin 6.5 Vulnerability
      ... via a vulnerability in HP Web JetAdmin 6.5 (default port of 8000/tcp). ... The specific vulnerability is referenced at the following URL: ... The backdoor kit that was downloaded was just under 1MB, and when run, ...
      (Incidents)
    • Re: pen test
      ... you pen test your host, I could have said ask them, but instead provided ... of a Vulnerability Identification step of a Risk Management plan. ... **System security testing, using methods such as automated vulnerability ... For example, an open port, let's say, port 80 is open on your host. ...
      (Security-Basics)
    • Re: pen test
      ... of a Vulnerability Identification step of a Risk Management plan. ... **System security testing, using methods such as automated vulnerability ... just need to VM the box and pen test if off the VM not the live. ... For example, an open port, let's say, port 80 is open on your host. ...
      (Security-Basics)
    • RE: Vulnerability to cache poisoning -- the rest of the solution
      ... Vulnerability to cache poisoning -- the rest of the solution ... We were only allowing port 53 outside the firewall (confirmed by the ... If you are not the intended recipient, any disclosure, ...
      (comp.protocols.dns.bind)
    • [NEWS] Novell Border Manager Multiple Vulnerabilities
      ... Multiple vulnerabilities identified in Novell Border Manager 3.6. ... The first vulnerability is within the FTP-proxy server of BM 3.6. ... The second vulnerability is in the IP/IPX gateway on tcp port 8225. ...
      (Securiteam)