Detecting Blaster

From: Bob Sadler (bobs_at_LEAWOOD.ORG)
Date: 08/14/03

Next message: Mark Burnett: "Re: DNS"

Previous message: Shalla: "Re: What the heck is this msblast.exe"
Next in thread: James Riden: "Re: Detecting Blaster"
Reply: James Riden: "Re: Detecting Blaster"
Maybe reply: Bryan Schlegel: "RE: Detecting Blaster"
Reply: Brian DeLine: "Re: Detecting Blaster"
Reply: Harlan Carvey: "Re: Detecting Blaster"
Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Detecting Blaster"
Maybe reply: oogelyboogly_at_hushmail.com: "RE: Detecting Blaster"
Maybe reply: David A Cavalieri: "RE: Detecting Blaster"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 14 Aug 2003 12:14:03 -0500
To: <focus-ms@securityfocus.com>

I have been trying to figure out if there is a way that I can detect
signs of Blaster on a large number of machines on a network without
having to actually visit each one.

I have a port scanner (Ethereal) and have it setup to look at any frame
with destination port 135. Is there a better way to do this, or is the
way I'm trying to do this all wrong in the first place?

Bob Sadler
City of Leawood, KS, USA
WAN/Internet Specialist
913-339-6700 x194

Get a Life! Get TWO! Play Second Life!
http://secondlife.com/ss/?u=b4ebbfdd6af98a027fa7e89a86c55a68

---------------------------------------------------------------------------
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
---------------------------------------------------------------------------

Next message: Mark Burnett: "Re: DNS"

Previous message: Shalla: "Re: What the heck is this msblast.exe"
Next in thread: James Riden: "Re: Detecting Blaster"
Reply: James Riden: "Re: Detecting Blaster"
Maybe reply: Bryan Schlegel: "RE: Detecting Blaster"
Reply: Brian DeLine: "Re: Detecting Blaster"
Reply: Harlan Carvey: "Re: Detecting Blaster"
Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Detecting Blaster"
Maybe reply: oogelyboogly_at_hushmail.com: "RE: Detecting Blaster"
Maybe reply: David A Cavalieri: "RE: Detecting Blaster"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: What the heck is this msblast.exe
... What the heck is this msblast.exe ... |Your network firewall and IDS products do not prevent Web application ... |attacks - the most common form of online exploitation- resulting in Web ... |Download a FREE whitepaper on "Security Policy Automation for Web ...
(Focus-Microsoft)
RE: What the heck is this msblast.exe
... |Your network firewall and IDS products do not prevent Web application ... |attacks - the most common form of online exploitation- resulting in Web ... |Download a FREE whitepaper on "Security Policy Automation for Web ...
(Focus-Microsoft)
RE: What the heck is this msblast.exe
... |Your network firewall and IDS products do not prevent Web application ... |attacks - the most common form of online exploitation- resulting in Web ... |Download a FREE whitepaper on "Security Policy Automation for Web ...
(Focus-Microsoft)
RE: DCOM RPC exploit as a virus/trojan?
... Your network firewall and IDS products do not prevent Web application ... attacks - the most common form of online exploitation- resulting in ... Download a FREE whitepaper on "Security Policy Automation for Web ...
(Focus-Microsoft)
RE: What the heck is this msblast.exe
... The RPC exploit itself leaves the server open to any action at all. ... |Your network firewall and IDS products do not prevent Web application ... |attacks - the most common form of online exploitation- resulting in Web ... |Download a FREE whitepaper on "Security Policy Automation for Web ...
(Focus-Microsoft)