RE: Command Line RPC vulnerability scanner?

From: Christopher Cramer (chris.cramer_at_duke.edu)
Date: 07/31/03

  • Next message: Peter Fry: "RPC DCOM exploit"
    To: "Schmehl, Paul L" <pauls@utdallas.edu>
    Date: 31 Jul 2003 12:36:27 -0400
    
    
    

    Paul,

    The ISS scanner occasionally hangs on a machine.

    We ran the scanner over our class B by first running an nmap scan to
    check for machines that were up and listening on port 135. We then ran
    the ISS scanner over those machines. All of this was done on a linux
    machine (the ISS scanner seems to run nicely under wine).

    Hope that helps some.

    -c

    --
    Christopher E. Cramer, Ph.D.
    University Information Technology Security Officer
    Duke University,  Office of Information Technology
    253A North Building, Box 90132, Durham, NC  27708-0291
    PH: 919-660-7003  FAX: 919-660-7076  CELL: 919-210-0528
    PGP Public Key: http://www.duke.edu/~cramer/cramer.pgp
    On Thu, 2003-07-31 at 11:30, Schmehl, Paul L wrote:
    > I have both eEye's tool and ISS's tool.  I decided to run the ISS
    > commandline scanner on our entire class B last night.  That way I could
    > come in this morning and have a complete report of patch compliance.  Or
    > so I thought.  When I got in to my office this morning, the ISS tool had
    > been running for 15 hours and had reported on a total of 99 hosts.
    > 
    > I don't know what's wrong with it, but something obviously is.
    > 
    > Paul Schmehl (pauls@utdallas.edu)
    > Adjunct Information Security Officer
    > The University of Texas at Dallas
    > AVIEN Founding Member
    > http://www.utdallas.edu/~pauls/
    > 
    > > -----Original Message-----
    > > From: Michael Wright [mailto:mcwright@dbls.com] 
    > > Sent: Wednesday, July 30, 2003 1:25 PM
    > > To: JAMIE CRAWFORD; incidents@securityfocus.com
    > > Subject: Re: Command Line RPC vulnerability scanner?
    > > 
    > > 
    > > Yes.  ISS provides one for windows:
    > 
    > ---------------------------------------------------------------------------
    > ----------------------------------------------------------------------------
    
    



  • Next message: Peter Fry: "RPC DCOM exploit"