|
Nmap Development
mailing list archives
Re: Nmap 4.85BETA5: Now with Conficker detection!
From: Fyodor <fyodor () insecure org>
Date: Mon, 30 Mar 2009 23:48:50 -0700
On Mon, Mar 30, 2009 at 01:03:19PM -0700, Fyodor wrote:
Hi All! We found out just yesterday about new research by Tillmann
Werner and Felix Leder of a way to anonymously scan for Conficker worm
infections! Ron sprang into action and added the detection to the
smb-check-vulns NSE script! I even had to infect one of my own
systems for Ron to test with. David and Brandon helped too.
And the script is already winning praise :). I just found an article
at Darkreading.com which includes:
I can't vouch for all of the tools listed in the list Dan included
on his blog, but I did spend quite a bit of time testing Nmap,
Simple Conficker Scanner (Honeynet Project) and Tenable Nessus this
morning, and they pretty much all had the same results. The only
real difference is price; the first two tools are free, while
Nessus is only free for home users and corporate users pay a pretty
reasonable $1,200/year.
Of the three tools I've used, Nmap has been the top performer in
regards to speed followed by Nessus and the Simple Conficker
Scanner (SCS). The SCS tool is Python-based, which Dan Kaminsky has
ported to Windows with py2exe so admins aren't required to install
Python to use. The SCS tool wasn't very fast, although I did found
that by performing an Nmap of the network first to find hosts
listening on port 445/tcp and feeding that list to SCS, the scan
time for SCS is greatly reduced. However, at that point, you might
as well use Nmap.
[Full article:
http://www.darkreading.com/blog/archives/2009/03/conficker_detec.html]
I've posted an announcement of the new version and a link to more
news articles up at http://insecure.org.
Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
|
Intro
