RE:New Version of Retina Nimba Scanner

From: Brendan Murphy (bmurphy@carbon.cudenver.edu)
Date: 09/21/01


Date: Fri, 21 Sep 2001 14:00:21 -0600 (MDT)
From: Brendan Murphy <bmurphy@carbon.cudenver.edu>
To: John Stauffacher <stauffac@chapman.edu>
Subject: RE:New Version of Retina Nimba Scanner
Message-ID: <Pine.OSF.4.31.0109211400040.19681-100000@carbon.cudenver.edu>

Yes, false positives here too...

Brendan Murphy
University of Colorado at Denver

On Fri, 21 Sep 2001, John Stauffacher wrote:

> All,
>
> I just ran this scanner and am picking up more false positives than real
> infections. Not only did it pick up all my Macs (they aren't even running
> Dave or have any SMB shares), it picked up my indigo and my Snap Server
> (tell me how a snap server gets infected by this?). I realize that
> diagnosing these things is a shot in the dark - but, telling me "open
> guest share" when the machine is not sharing anything (or even listening
> on 139) is kinda a misnomer and a cause for panic (130 "infected" out of
> 253 possible)...anyone else seen this kind of false positive from the
> scanner?
>
> -John Stauffacher
>
> +-------------------------+
> ! John Stauffacher !
> ! Network Administrator !
> ! Chapman University !
> ! stauffacher@chapman.edu !
> +-------------------------+
>
> >
> Date: Thu, 20 Sep 2001 17:31:06 -0700
> From: info <info@eEye.com>
> To: incidents@securityfocus.com, security-basics@securityfocus.com
> Subject: New Version of Retina Nimba Scanner
>
> A new version of Nimda Scanner has just been posted to the eEye web site
> that will also detect open shares on systems which is a common trait of an
> infection.
>
> http://www.eeye.com/html/Research/Tools/nimda.html
>
> Signed,
> eEye Digital Security
> T.949.349.9062
> F.949.349.9538
>
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

Brendan Murphy
Network, Video, and DSL Services
University of Colorado-Denver
Computing, Information & Network Services (CINS)
~~~
TEL 303-556-4308
FAX 303-556-2318
~~~
"It's more than just a race, it's a style. It's doing
something better than anyone else. It's being creative."
     - Steve Prefontaine


