Nmap Development mailing list archives

Re: [NSE] MS08-067 check


From: Ron <ron () skullsecurity net>
Date: Wed, 12 Nov 2008 13:36:37 -0600

Brandon Enright wrote:
> I've chatted in private with Ron about this script but I wanted to
> broadcast my praise of it to a larger audience :)
>
> We've been using this script for several days now with quite a bit of
> success.  It does have the bad habit of crashing a lot of our
> vulnerable hosts but it also /seems/ more comprehensive/complete than a
> commercial vulnerability scanner we have that doesn't crash many hosts.

Well, you can thank Metasploit, among others.

If anybody has a reliable and public way that doesn't crash hosts, I'd like to hear about it.

> My only recommendation for this script (really, the SMB library) is to
> change the SMB mutex from a global one to a per-IP one.  When scanning
> thousands of SMB endpoints serial checking is rather slow.  The only
> potential trouble a per-IP mutex would cause is if a dual-homed Windows
> machine has the unfortunate luck of being scanned simultaneously on
> multiple IPs.

Yeah, I'll definitely do that. When I wrote this originally I didn't know how. :)

> Great work Ron, thanks a bunch for these libraries and this script!

I'm glad they're appreciated! :)


> Brandon


Ron


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
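
The global versus per-IP mutex trade-off discussed in the message above, as an added example that is not part of the original e-mail and is not code from the NSE SMB library: a Python model (not NSE Lua) in which `time.sleep` stands in for an SMB session. The names `LockRegistry`, `peak_sessions`, `global_key` and `per_ip_key`, and the sample addresses, are hypothetical and constructed for illustration.

```python
import threading
import time
from collections import defaultdict

class LockRegistry:
    """One lock per key; key_fn sets the granularity (global vs per-IP)."""
    def __init__(self, key_fn):
        self._key_fn, self._locks = key_fn, {}
        self._guard = threading.Lock()  # protects the dict itself

    def lock_for(self, ip):
        with self._guard:
            return self._locks.setdefault(self._key_fn(ip), threading.Lock())

def peak_sessions(jobs, key_fn, machine_of, hold=0.1):
    """Run one simulated SMB check per entry in jobs, in parallel threads.
    Returns (overall_peak, per_machine_peak) of checks in flight at once."""
    registry, stats = LockRegistry(key_fn), threading.Lock()
    active, peak = defaultdict(int), defaultdict(int)

    def check(ip):
        machine = machine_of.get(ip, ip)  # IPs not listed are their own machine
        with registry.lock_for(ip):
            with stats:
                active[machine] += 1
                active["*"] += 1
                peak[machine] = max(peak[machine], active[machine])
                peak["*"] = max(peak["*"], active["*"])
            time.sleep(hold)  # stands in for the SMB session
            with stats:
                active[machine] -= 1
                active["*"] -= 1

    threads = [threading.Thread(target=check, args=(ip,)) for ip in jobs]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    overall = peak.pop("*")
    return overall, dict(peak)

# Constructed sample: .10 is scanned twice; .20 and .21 are one dual-homed host.
JOBS = ["192.0.2.10", "192.0.2.10", "192.0.2.20", "192.0.2.21"]
MACHINES = {"192.0.2.20": "dual-homed", "192.0.2.21": "dual-homed"}

def global_key(ip):
    return "smb"  # every target shares one mutex

def per_ip_key(ip):
    return ip     # one mutex per target address
```

With `global_key` the checks run strictly one at a time; with `per_ip_key` different addresses run in parallel and a single address still sees one session at a time, but the dual-homed machine receives two simultaneous sessions, which is the case the message flags.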