DingleBerries Posted March 31, 2009 Posted March 31, 2009 Simple Nmap 4.85BETA5 command to scan for Downadup/Conficker. nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks] But what does it all mean? -PN means to treat all hosts as online, and skip host discovery, which basically means don\'t try to ping ths hosts. This is useful because lots of hosts/firewalls drop icmp traffic. -T4 is used to speed up the scan -p139,445 tells it to scan those ports, which are related to samba windows file sharing -n says don\'t try dns resolution -v means make it spit out more information(aka verbose) --script=smb-check-vulns runs the lua script smb-check-vulns, which appears to check for a few different vulnerablities. This script gets passed the safe=1 option which according to the web page tells the script to only do checks which are presumably safe for the system you are scanning against; the page warns that unsafe checks on a compromised system may cause it to crash. Also more info on the approaching doom Quote
h3%5kr3w Posted March 31, 2009 Posted March 31, 2009 Approaching Doom There, thought I would clean up that link for ya! .... wait.. it was correct. sorry, firefox must have got confuscitated... oh well. Links to all! Quote
deleted Posted March 31, 2009 Posted March 31, 2009 Yeah I just read this on slashdot. I wonder why it changes it. Quote
digip Posted March 31, 2009 Posted March 31, 2009 There is a Python to EXE for Windows that can scan for Conficker. Also nessus and nmap signatures of some sort: http://isc.sans.org/diary.html?storyid=6097 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.