RE: Tool to remotely detect MBlaster infected machines?

From: david maynor (david.maynor_at_oit.gatech.edu)
Date: 08/15/03

  • Next message: schwing_at_tenablesecurity.com: "Re: Tool to remotely detect MBlaster infected machines?"
    To: "Ostberg, Alex" <aostberg@state.mt.us>
    Date: 15 Aug 2003 11:00:01 -0400
    
    

    It is a good tool, but has the drawback of only doing 1 class c at a
    time.

    On Fri, 2003-08-15 at 10:50, Ostberg, Alex wrote:
    > We have had a good experience thus far with the eEye tool
    > "RetinaRPCDCOM.exe" which is free.
    >
    > www.eeye.com
    >
    >
    > Thanks,
    > Alex O. Ostberg
    > Data Security Analyst / Network Security Specialist
    > Information Technology Security Office - Information Technology Services
    > Division -
    > Department of Administration - State of Montana
    > Office: 406.444.4557
    > Fax: 406.444.2701
    > Email: aostberg@state.mt.us
    >
    >
    >
    > -----Original Message-----
    > From: brad [mailto:nelson.brad@comcast.net]
    > Sent: Wednesday, August 13, 2003 6:43 PM
    > To: focus-ids@securityfocus.com
    > Subject: Tool to remotely detect MBlaster infected machines?
    >
    >
    > Does anyone know of a tool to remotely detect mblast infected machines? We
    > are checking machines with increased flows on 135 and traffic on 69 udp. Is
    > there a better way?
    >
    > Thanks,
    > Brad
    >
    >
    >
    > ---------------------------------------------------------------------------
    > Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
    > - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
    > - Automatically Control P2P, IM and Spam Traffic
    > - Ensure Reliable Performance of Mission Critical Applications
    > Precisely Define and Implement Network Security and Performance Policies
    > **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
    > Visit us at: http://www.captusnetworks.com/ads/31.htm
    > ---------------------------------------------------------------------------
    >
    > ---------------------------------------------------------------------------
    > Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
    > - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
    > - Automatically Control P2P, IM and Spam Traffic
    > - Ensure Reliable Performance of Mission Critical Applications
    > Precisely Define and Implement Network Security and Performance Policies
    > **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
    > Visit us at: http://www.captusnetworks.com/ads/31.htm
    > ---------------------------------------------------------------------------
    >

    ---------------------------------------------------------------------------
    Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Automatically Control P2P, IM and Spam Traffic
     - Ensure Reliable Performance of Mission Critical Applications
    Precisely Define and Implement Network Security and Performance Policies
    **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
    Visit us at: http://www.captusnetworks.com/ads/31.htm
    ---------------------------------------------------------------------------


  • Next message: schwing_at_tenablesecurity.com: "Re: Tool to remotely detect MBlaster infected machines?"

    Relevant Pages

    • Re: Tool to remotely detect MBlaster infected machines?
      ... >> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... >> - Ensure Reliable Performance of Mission Critical Applications ... >> Precisely Define and Implement Network Security and Performance Policies ...
      (Focus-IDS)
    • Re: possible 0-day exploit for latest Real-/Helixserver 9.0.2.794
      ... > Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... > - Precisely Define and Implement Network Security and Performance Policies ...
      (Incidents)
    • RE: Increasing ICMP Echo Requests
      ... exploits the same vulnerability that the original MSBLAST worm did, ... serious vulnerability like this one, same thing happened with the SQL ... > - Ensure Reliable Performance of Mission Critical Applications ... > - Precisely Define and Implement Network Security and Performance ...
      (Incidents)
    • Re: possible 0-day exploit for latest Real-/Helixserver 9.0.2.794
      ... Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... - Instantly Stop DoS/DDoS Attacks, ... - Ensure Reliable Performance of Mission Critical Applications ... - Precisely Define and Implement Network Security and Performance Policies ...
      (Incidents)
    • RE: Increasing ICMP Echo Requests
      ... we are also seeing an increased number of ping ... - Instantly Stop DoS/DDoS Attacks, ... - Ensure Reliable Performance of Mission Critical Applications ... - Precisely Define and Implement Network Security and Performance Policies ...
      (Incidents)