RE: Tool to remotely detect MBlaster infected machines?

bo.berlas_at_gsa.gov
Date: 08/15/03

Next message: Paul Schmehl: "Re: IDS is dead, etc"

Previous message: SecurIT Informatique Inc.: "Re: Processing time and IDS traffic"
Maybe in reply to: brad: "Tool to remotely detect MBlaster infected machines?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: david.maynor@oit.gatech.edu
Date: Fri, 15 Aug 2003 11:18:50 -0400

Try this one from ISS. It's a command line tool and generates decent
results. You can scan entire class B networks.

See http://www.iss.net/support/product_utilities/ms03-026rpc.php

                    "david maynor" To: "Ostberg, Alex" <aostberg@state.mt.us>
                    <david.maynor@oit.g cc: 'brad' <nelson.brad@comcast.net>, "'focus-ids@securityfocus.com'"
                    atech.edu> <focus-ids@securityfocus.com>, (bcc: Bo Berlas/IAS/CO/GSA/GOV)
                                              Subject: RE: Tool to remotely detect MBlaster infected machines?
                    08/15/2003 11:00 AM

It is a good tool, but has the drawback of only doing 1 class c at a
time.

On Fri, 2003-08-15 at 10:50, Ostberg, Alex wrote:
> We have had a good experience thus far with the eEye tool
> "RetinaRPCDCOM.exe" which is free.
>
> www.eeye.com
>
>
> Thanks,
> Alex O. Ostberg
> Data Security Analyst / Network Security Specialist
> Information Technology Security Office - Information Technology Services
> Division -
> Department of Administration - State of Montana
> Office: 406.444.4557
> Fax: 406.444.2701
> Email: aostberg@state.mt.us
>
>
>
> -----Original Message-----
> From: brad [mailto:nelson.brad@comcast.net]
> Sent: Wednesday, August 13, 2003 6:43 PM
> To: focus-ids@securityfocus.com
> Subject: Tool to remotely detect MBlaster infected machines?
>
>
> Does anyone know of a tool to remotely detect mblast infected machines?
We
> are checking machines with increased flows on 135 and traffic on 69 udp.
Is
> there a better way?
>
> Thanks,
> Brad
>
>
>
>
---------------------------------------------------------------------------
> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
> - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
> - Automatically Control P2P, IM and Spam Traffic
> - Ensure Reliable Performance of Mission Critical Applications
> Precisely Define and Implement Network Security and Performance Policies
> **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
> Visit us at: http://www.captusnetworks.com/ads/31.htm
>
---------------------------------------------------------------------------
>
>
---------------------------------------------------------------------------
> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
> - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
> - Automatically Control P2P, IM and Spam Traffic
> - Ensure Reliable Performance of Mission Critical Applications
> Precisely Define and Implement Network Security and Performance Policies
> **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
> Visit us at: http://www.captusnetworks.com/ads/31.htm
>
---------------------------------------------------------------------------
>

---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic
- Ensure Reliable Performance of Mission Critical Applications
Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: http://www.captusnetworks.com/ads/31.htm
---------------------------------------------------------------------------

Next message: Paul Schmehl: "Re: IDS is dead, etc"

Previous message: SecurIT Informatique Inc.: "Re: Processing time and IDS traffic"
Maybe in reply to: brad: "Tool to remotely detect MBlaster infected machines?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Software vendor clueless
... at hand really lies with your attitude. ... > these networks, because their software is so buggy, ... Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... - Ensure Reliable Performance of Mission Critical Applications ...
(Incidents)
RE: Software vendor clueless
... The current information security environment. ... these networks, because their software is so buggy, the developers need ... Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... - Ensure Reliable Performance of Mission Critical Applications ...
(Incidents)
RE: Software vendor clueless
... Additionally if the site has a security policy/standards that require ... >these networks, because their software is so buggy, the developers need ... >Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... > - Ensure Reliable Performance of Mission Critical Applications ...
(Incidents)
Re: Tool to remotely detect MBlaster infected machines?
... >> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... >> - Ensure Reliable Performance of Mission Critical Applications ... >> Precisely Define and Implement Network Security and Performance Policies ...
(Focus-IDS)
RE: Tool to remotely detect MBlaster infected machines?
... > Captus Networks - Integrated Intrusion Prevention and Traffic Shaping ... > - Ensure Reliable Performance of Mission Critical Applications ... > Precisely Define and Implement Network Security and Performance Policies ...
(Focus-IDS)