Re: Tool to remotely detect MBlaster infected machines?

schwing_at_tenablesecurity.com
Date: 08/15/03

  • Next message: SecurIT Informatique Inc.: "Re: Processing time and IDS traffic" 
    Date: 15 Aug 2003 16:24:14 -0000
To: focus-ids@securityfocus.com
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <1060959531.6927.8.camel@icehouse.is.gatech.edu>

    You can also use Nessus plugin Check 11818 The remote host is infected by
    msblast.exe

    If you need to scan more then one class C at a time you could use the
    Tenable Lightning Console and Proxy to Scan multiple class B's at the same
    time.

    Stephen Schwing
    Tenable Network Security
    www.tenablesecurity.com

    >
    >It is a good tool, but has the drawback of only doing 1 class c at a
    >time.
    >
    >On Fri, 2003-08-15 at 10:50, Ostberg, Alex wrote:
    >> We have had a good experience thus far with the eEye tool
    >> "RetinaRPCDCOM.exe" which is free.
    >>
    >> www.eeye.com
    >>
    >>
    >> Thanks,
    >> Alex O. Ostberg
    >> Data Security Analyst / Network Security Specialist
    >> Information Technology Security Office - Information Technology Services
    >> Division -
    >> Department of Administration - State of Montana
    >> Office: 406.444.4557
    >> Fax: 406.444.2701
    >> Email: aostberg@state.mt.us
    >>
    >>
    >>
    >> -----Original Message-----
    >> From: brad [mailto:nelson.brad@comcast.net]
    >> Sent: Wednesday, August 13, 2003 6:43 PM
    >> To: focus-ids@securityfocus.com
    >> Subject: Tool to remotely detect MBlaster infected machines?
    >>
    >>
    >> Does anyone know of a tool to remotely detect mblast infected
    machines? We
    >> are checking machines with increased flows on 135 and traffic on 69
    udp. Is
    >> there a better way?
    >>
    >> Thanks,
    >> Brad
    >>
    >>
    >>
    >> ------------------------------------------------------------------------ 

    ---
>> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
>>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>>  - Automatically Control P2P, IM and Spam Traffic
>>  - Ensure Reliable Performance of Mission Critical Applications
>> Precisely Define and Implement Network Security and Performance Policies
>> **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
>> Visit us at: http://www.captusnetworks.com/ads/31.htm
>> ------------------------------------------------------------------------
---
>> 
>> ------------------------------------------------------------------------
---
>> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
>>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>>  - Automatically Control P2P, IM and Spam Traffic
>>  - Ensure Reliable Performance of Mission Critical Applications
>> Precisely Define and Implement Network Security and Performance Policies
>> **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
>> Visit us at: http://www.captusnetworks.com/ads/31.htm
>> ------------------------------------------------------------------------
---
>> 
>
>
>--------------------------------------------------------------------------
-
>Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
> - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
> - Automatically Control P2P, IM and Spam Traffic
> - Ensure Reliable Performance of Mission Critical Applications
>Precisely Define and Implement Network Security and Performance Policies
>**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
>Visit us at: http://www.captusnetworks.com/ads/31.htm
>--------------------------------------------------------------------------
-
>
>
---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Ensure Reliable Performance of Mission Critical Applications
Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: http://www.captusnetworks.com/ads/31.htm
---------------------------------------------------------------------------
  • Next message: SecurIT Informatique Inc.: "Re: Processing time and IDS traffic"

    Relevant Pages

    • RE: Tool to remotely detect MBlaster infected machines?
      ... > Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... > - Ensure Reliable Performance of Mission Critical Applications ... > Precisely Define and Implement Network Security and Performance Policies ...
      (Focus-IDS)
    • Re: Increasing ICMP Echo Requests
      ... > Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... > - Ensure Reliable Performance of Mission Critical Applications ... > - Precisely Define and Implement Network Security and Performance Policies ...
      (Incidents)
    • Re: possible 0-day exploit for latest Real-/Helixserver 9.0.2.794
      ... Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... - Instantly Stop DoS/DDoS Attacks, ... - Ensure Reliable Performance of Mission Critical Applications ... - Precisely Define and Implement Network Security and Performance Policies ...
      (Incidents)
    • RE: Tool to remotely detect MBlaster infected machines?
      ... You can scan entire class B networks. ... > Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... > - Ensure Reliable Performance of Mission Critical Applications ... > Precisely Define and Implement Network Security and Performance Policies ...
      (Focus-IDS)
    • RE: Increasing ICMP Echo Requests
      ... exploits the same vulnerability that the original MSBLAST worm did, ... serious vulnerability like this one, same thing happened with the SQL ... > - Ensure Reliable Performance of Mission Critical Applications ... > - Precisely Define and Implement Network Security and Performance ...
      (Incidents)