Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Troubleshooting the Conficker script
From: "Rathbun, Dan" <Dan.Rathbun () aecom com>
Date: Tue, 31 Mar 2009 13:10:17 -0700

I'm using the Conficker script and every reachable host is returning
these same script results.  I tried backing down from -T4 to -T3 with no
change in result.  Thoughts?  The site I am scanning is connected via a
T3 to the Nmap server site so it should not be bandwidth related.  The
server is running RHEL5 and Nmap is at 12798.

 

Here is the syntax I am using and the results I get when the port is
open:

 

./nmap --datadir=. -v -sC --script=smb-check-vulns.nse
--script-args=safe=1 -p445 -d -PN -n -T3 --min-hostgroup 256
--min-parallelism 64 -oA conficker_scan X.X.52.0/24

 

Host script results:

 

 |  smb-check-vulns:  

 

 |  MS08-067: NOT RUN

 

 |  Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT

 

 |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)

 

 Final times for host: srtt: 83494 rttvar: 83494  to: 417470

 

Path: .

URL: svn://svn.insecure.org/nmap

Repository Root: svn://svn.insecure.org

Repository UUID: e0a8ed71-7df4-0310-8962-fdc924857419

Revision: 12798

Node Kind: directory

Schedule: normal

Last Changed Author: david

Last Changed Rev: 12798

Last Changed Date: 2009-03-31 11:29:52 -0700 (Tue, 31 Mar 2009)

Dan Rathbun
Information Security Director   
CISSP, GSLC, GSEC, GLEG, GSNA and G7799 Certified

D 978.930.5656
dan.rathbun () aecom com

AECOM
515 South Flower Street, 4th Floor
Los Angeles, CA 90071-2201

http://www.aecom.com <http://www.aecom.com/> 

This communication is intended for the sole use of the person(s) to whom
it is addressed and may contain information that is privileged,
confidential or subject to copyright.  Any unauthorized use, disclosure
or copying of this communication is strictly prohibited.  If you have
received this communication in error, please contact the sender
immediately.  Any communication received in error should be deleted and
all copies destroyed.

 


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault