RE: Foundstone DCOM Scanner

[Marc Soda <msoda () comcast net>]

I have come to similar conclusions as well, it's either not accurate,
not easily used in scripts or doesn't scan enough IPs at once.  I have
multiple /16s to scan, so I modified the plugin from nessus.

When I say modified I really only changed it to look at port 135, the
rest is the same.  I'm running nessus, with only that plugin enabled and
every thing else turned off, from the command line (I had problems with
the GUI crashing with a large number of addresses).  It runs faster and
more accurately than any other I have tried.

-- 
Marc Soda
msoda () comcast net
PGP Key Id: 0xBCCBBF61

On Thu, 2003-09-11 at 17:39, Jerry Heidtke wrote:
> Except it mistakenly identifies lots of patched systems as still
> vulnerable.
>
> I've tested five different free tools today. Here's a summary of my
> results:
>
> KB824146Scan.exe
>
> Microsoft's scanner. Many errors and accuracy problems. Basically
> unusable.
> Command line scanner with flexible input and output options, but can't
> reliably
> identify Windows 9x systems, systems with DCOM disabled, or some
> non-standard systems.
>
> PTms03039.exe
>
> GUI utility from Positive Technologies (http://www.ptsecurity.com). 
> Scans single addresses only, selectable target port.
> Reliability unknown.
>
> RetinaRPCDCOM.exe
>
> GUI utility from Retina. Scans up to Class C. 
> Can save output as text or csv file.
> Very accurate. Currently version 1.10.
>
> xfrpcss.exe
>
> Command line scanner from ISS. Can scan unlimited addresses, simple
> usable output.
> Not very accurate. Identifies many patched systems as still vulnerable.
>
> RPCScan2.exe
>
> GUI utility from Foundstone. No limits of scan ranges, can read input
> file.
> Can save output as text or csv file.
> Not very accurate. Identifies many patched systems as still vulnerable,
> especially NT.
>
> I'm looking for something that I can scan almost a whole class B, 
> that is a scriptable command line scanner (STDIO) and that is accurate
> enough to base decisions on about disconnecting unpatched workstations,
> in order to try to protect some patient care devices that cannot legally
> be patched but must (for now) remain on our production network.
>
> I haven't seen anything yet that meets these simple requirements.
>
> Jerry
>
> -----Original Message-----
> From: Jones, David H [mailto:Jones.David.H () principal com] 
> Sent: Thursday, September 11, 2003 2:45 PM
> To: full-disclosure () lists netsys com
> Subject: [Full-disclosure] Foundstone DCOM Scanner
>
>
> Foundstone has released version 2 of their free scanning tool.  IMHO,
> this is the best, free tool I've found to scan a class b.
>
> http://www.foundstone.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> Confidentiality Notice: This e-mail message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential and privileged information.  Any unauthorized review, use,
> disclosure or distribution is prohibited.  If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all
> copies of the original message.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html