This looks very interesting. I tried to achieve the same result by creating an SMB session with name *SMBSERVER. This seems to work but I don't know if it is supposed to. Your way may well be better but I don't know what the code is doing to tell. In any case, if your method works out it would be great as a separate plugin. I have had other plugins where I wanted to filter out Windows 9x/Me so having something that writes to the KB could be handy.
Beirne On Thursday 14 August 2003 08:27 am, [EMAIL PROTECTED] wrote: > Hi all, > > Two students here (Keith Bessette and Lina Pezzella) have made changes to > plugin #11808, msrpc_dcom.nasl, to make it more accurate when scanning for > the vulnerability, especially when scanning Windows 95/98/ME computers > (which the previous version had incorrectly returned as "vulnerable"). It > is now roughly as accurate as v1.04 of EEye's free version of their Retina > MS-RPC scanner. > > The changed plugin is available through nessus-update-plugins. If anyone > has any comments or critiques on the method they used send them my way and > we will look into it. If you were relying on the previous version of this > plugin to find vulnerable hosts we recommend you update and re-run your > scan, especially if you have Windows 95/98/ME in your environment. > > Good luck, > > Phil > > ======================================= > Philip A. Rodrigues > Network Analyst, UITS > University of Connecticut > > email: [EMAIL PROTECTED] > phone: 860.486.3743 > fax: 860.486.6580 > web: http://www.security.uconn.edu > ======================================= -- Beirne "Bern" Konarski [EMAIL PROTECTED] "Untouched by Scandal"
