Home page logo

nmap-dev logo Nmap Development mailing list archives

Question - script: p2p-conficker
From: Joe.Lemak () omya com
Date: Mon, 20 Jan 2014 18:50:31 -0500

Hi All,
I am  trying to identify internal IP of infected host with  conficker.
I am running script: p2p-conficker

I  am following recommendation:
 Run the scripts against all active hosts (recommended)
nmap -p139,445 -vv --script p2p-conficker,smb-os-discovery,smb-check-vulns 
--script-args=checkconficker=1,safe=1 -T4 <host>

The command will find hosts and lists open/closed port 139 and 445, 
however no infection found yet.

This a comment in a script description:
"This check won't work properly on a multihomed or NATed system because 
the open ports will be based on a nonpublic IP"

Does the above script comment is saying that it will not work on my 
internal network using private IPs?

Thank you.

Best Regards

Joe Lemak
Network Systems Engineer

Omya Inc.
9987 Carver Rd, Suite 300
Cincinnati, Ohio 45242
Phone direct: 
+1 513 387 4367
Mobile:+1 513 515 9263
Fax:+1 513 672 2073
eMail: Joe.Lemak () omya com
Internet: www.omya.com

"This message contains information that may be confidential or privileged and 
is intended 
only for the individual or entity named above. No one else may disclose, copy, 
or use the contents of this message. Unauthorized use, dissemination and 
is strictly prohibited, and may be unlawful. All personal messages express 
views solely 
of the sender, which are not to be attributed to Omya AG and its subsidiaries 
and affiliates.
If you received this message in error, please notify the Sender and delete this 
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]