NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FOCUS-IDS> 2003-q3

RE: Tool to remotely detect MBlaster infected machines?

bo.berlasgsa.gov
Date: Fri Aug 15 2003 - 10:18:50 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Try this one from ISS. It's a command line tool and generates decent
results. You can scan entire class B networks.

See http://www.iss.net/support/product_utilities/ms03-026rpc.php

                    "david maynor" To: "Ostberg, Alex" <aostbergstate.mt.us>
                    <david.maynoroit.g cc: 'brad' <nelson.bradcomcast.net>, "'focus-idssecurityfocus.com'"
                    atech.edu> <focus-idssecurityfocus.com>, (bcc: Bo Berlas/IAS/CO/GSA/GOV)
                                              Subject: RE: Tool to remotely detect MBlaster infected machines?
                    08/15/2003 11:00 AM

It is a good tool, but has the drawback of only doing 1 class c at a
time.

On Fri, 2003-08-15 at 10:50, Ostberg, Alex wrote:
> We have had a good experience thus far with the eEye tool
> "RetinaRPCDCOM.exe" which is free.
>
> www.eeye.com
>
>
> Thanks,
> Alex O. Ostberg
> Data Security Analyst / Network Security Specialist
> Information Technology Security Office - Information Technology Services
> Division -
> Department of Administration - State of Montana
> Office: 406.444.4557
> Fax: 406.444.2701
> Email: aostbergstate.mt.us
>
>
>
> -----Original Message-----
> From: brad [mailto:nelson.bradcomcast.net]
> Sent: Wednesday, August 13, 2003 6:43 PM
> To: focus-idssecurityfocus.com
> Subject: Tool to remotely detect MBlaster infected machines?
>
>
> Does anyone know of a tool to remotely detect mblast infected machines?
We
> are checking machines with increased flows on 135 and traffic on 69 udp.
Is
> there a better way?
>
> Thanks,
> Brad
>
>
>
>
---------------------------------------------------------------------------
> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
> - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
> - Automatically Control P2P, IM and Spam Traffic
> - Ensure Reliable Performance of Mission Critical Applications
> Precisely Define and Implement Network Security and Performance Policies
> **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
> Visit us at: http://www.captusnetworks.com/ads/31.htm
>
---------------------------------------------------------------------------
>
>
---------------------------------------------------------------------------
> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
> - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
> - Automatically Control P2P, IM and Spam Traffic
> - Ensure Reliable Performance of Mission Critical Applications
> Precisely Define and Implement Network Security and Performance Policies
> **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
> Visit us at: http://www.captusnetworks.com/ads/31.htm
>
---------------------------------------------------------------------------
>

---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic
- Ensure Reliable Performance of Mission Critical Applications
Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: http://www.captusnetworks.com/ads/31.htm
---------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]