This tool is quite detectable on NT systems. Ran it against one of our NT farms and here is the info that showed up in the NT system log
Event ID: 10003 User: n/a Source: DCOM Type: Error Access denied attempting to launch a DCOM Server using DefaultLaunchPermission The server is: {0002DF01........} The user is Unavailable/Unavailable, SID=Unavailable. FYI...... Preston On Tue, 2003-07-29 at 11:26, Robert Banniza wrote: > Just received this from ISS minutes ago...Another RPC vulnerability > scanning tool: > > http://www.iss.net/support/product_utilities/ms03-026rpc.php > > Couple things we have noticed.... > > 1) OS identification is pretty much hit and miss > 2) We have seen where XP SP1 unpatched doesn't show vulnerable (this > patch was previously installed and then un-installed.) However, machine > is confirmed vulnerable. > > Anyone else know what the last column of the output means? i.e. '5.6' or > '0.0'? > > Robert > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html