Early
versions of the tools from both ISS and eEye had problems with false positives.
These problems seems to be fixed in the most recent versions. Foundstone and MS
are probably running into the same issues with their first releases. MS probably
won't get it right until version 3.1...
Founstone's RPCScan 1.01 looks like it correctly identifies Win9x
computers. Make sure you're using that version. I don't like Founstone's
RPCScan anyway because there's no way to export the results or generate a
report. I use scanms.exe from ISS, and run it through a little perl program I
wrote that takes a list of IP ranges, scans them, and generates a spreadsheet
with the systems it found, the vulnerability status, dns and netbios names,
domain, user, and mac address. This has been useful it tracking down and
disconnecting people who don't want to patch their systems for whatever
reason.
Jerry
-----Original Message-----
From: Nadeem Rafi [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 03, 2003 5:07 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Scanning the PCs for RPC VulnerabilityI have found some faults in the scanning tools available from Foundstone and Microsoft for RPC vulnerable machines. Both of these tools are not error free. These tools are showing the ip addresses of even those machines which are Windows 9x, Windows98/Sec, Windows ME. Both tools are not free from this error.And Foundstone's RPC Scan tool is even more error prone. If you even applied all the patches in correct sequence even then some of my machines are reported as "Vulnerable".Any body have any experience with these problems or any suggestions please let me know.Best Regards,Nadeem Rafi
Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. |
