Michel Arboi wrote:

> George Stone <[EMAIL PROTECTED]> writes:
> 
> 
>>I need to verify that the Bugbear plugin does in fact work.
>>
> 
> It does. Try to open the 36794 port on a test machine, and you'll get
> a warning at least.
> If you are paranoid and fear that you have a mutated version that
> listens on any port, change the script to test "Services/unknown":
> ---------------------------------
> port = get_kb_item("Services/unknown");
> if (! port) port = 36794;
> # port = 36794;
> if (known_service(port: port)) exit(0);
> ---------------------------------


Wow!  I never thought of that.  Very nice.  I commend you.


> Why do you want to test _this_ plugin by the way? 


A neighbor was hit with the worm and taken offline.  I am doing a hunt 
and seek, have not come back with any positive hits and need to verify 
in a test environment that my scans are effective.

> Why not the 1000+
> other ones??

The immediate threat is with Bugbear.

Thanks.
--
David


> 
> 
>>Does anyone know where I can get a copy of the Bugbear worm
>>
> 
> Sooner or later, you'll receive one by e-mail :-]
> 
> 
>>or find an infected host to perform a test scan against?
>>
> 
> Well... Considering the nature of the beasty, I seriously doubt that
> anybody will give you such information. If you have the proper
> tool, you get full control of the remote machine.
> -
> [EMAIL PROTECTED]: general discussions about Nessus.
> * To unsubscribe, send a mail to [EMAIL PROTECTED] with
> "unsubscribe nessus" in the body.
> 
> 
> 
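Added example, not part of the thread and not Nessus code: one way to do the "open the 36794 port on a test machine" check from the reply above, so you can confirm the scan actually reaches the port. It is a plain TCP listener that sends no data and does not emulate the worm; the function names and the 120-second window are assumptions.

```python
import socket
import time

BUGBEAR_PORT = 36794  # port number given in the thread


def open_listener(host="0.0.0.0", port=BUGBEAR_PORT):
    """Bind and listen on the test port; returns the listening socket."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(16)
    return sock


def record_probes(sock, duration):
    """Accept connections for `duration` seconds.

    Returns a list of (timestamp, source_ip, source_port), one entry per
    connection, so the log can be compared against the scanner's address.
    """
    probes = []
    deadline = time.monotonic() + duration
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        sock.settimeout(remaining)
        try:
            conn, (ip, sport) = sock.accept()
        except socket.timeout:
            break
        with conn:
            # No banner is sent: the port is simply open.
            probes.append((time.strftime("%Y-%m-%d %H:%M:%S"), ip, sport))
    sock.close()
    return probes


if __name__ == "__main__":
    listener = open_listener()
    print("listening on port %d, start the scan now" % BUGBEAR_PORT)
    for stamp, ip, sport in record_probes(listener, duration=120.0):
        print("%s connection from %s:%d" % (stamp, ip, sport))
```

If the scan report shows nothing for the port and this log is empty too, the scanner never reached the host (filtering, wrong target, port range), which is a different problem from the plugin not firing.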

