Re: Detecting Blaster

From: Harlan Carvey (keydet89_at_yahoo.com)
Date: 08/15/03

Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Detecting Blaster"

Previous message: Grabowski, David: "Account Lockout -- ARGH"
In reply to: Bob Sadler: "Detecting Blaster"
Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Detecting Blaster"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 14 Aug 2003 15:02:31 -0700 (PDT)
To: focus-ms@securityfocus.com

Bob,

If you're a domain admin, you can write a Perl script
or a batch file that will map to each machine and see
if the files (msblast.exe, penis32.exe, etc.,
depending on version) are in the system32 directory.

HTH,

Harlan

--- Bob Sadler <bobs@LEAWOOD.ORG> wrote:
> I have been trying to figure out if there is a way
> that I can detect
> signs of Blaster on a large number of machines on a
> network without
> having to actually visit each one.
>
> I have a port scanner (Ethereal) and have it setup
> to look at any frame
> with destination port 135. Is there a better way to
> do this, or is the
> way I'm trying to do this all wrong in the first
> place?
>
>
>
> Bob Sadler
> City of Leawood, KS, USA
> WAN/Internet Specialist
> 913-339-6700 x194
>
> Get a Life! Get TWO! Play Second Life!
>
http://secondlife.com/ss/?u=b4ebbfdd6af98a027fa7e89a86c55a68
>
>
>
---------------------------------------------------------------------------
> Your network firewall and IDS products do not
> prevent Web application
> attacks - the most common form of online
> exploitation- resulting in Web
> defacement, data theft, sabotage and fraud.
> KaVaDo is the only company that provides a complete
> suite of Web
> application security products.
> Download a FREE whitepaper on "Security Policy
> Automation for Web
>
Applications":http://www.securityfocus.com/Kavado-focus-ms
>
---------------------------------------------------------------------------
>

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

---------------------------------------------------------------------------
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
---------------------------------------------------------------------------

Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Detecting Blaster"

Previous message: Grabowski, David: "Account Lockout -- ARGH"
In reply to: Bob Sadler: "Detecting Blaster"
Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Detecting Blaster"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]