> Nmap with no timing options:
> done: 256 IP addresses (224 hosts up) scanned in 40.38 seconds
> Nmap with -T5
> done: 256 IP addresses (224 hosts up) scanned in 8.94 seconds
> Nessus using the command you sent earlier.
> 2m36.659s

Oh, I see, you were running Nessus on a 486, right, and Nmap on a Core 2 Duo? :)

Thanks for the data, I will pass it along.

Cheers,
Paul

>
> -jhs
>
> On Mar 30, 2009, at 12:40 PM, Paul Asadoorian wrote:
>
>> Okay, to better answer your question, the Nmap NSE script checks for:
>>
>> * MS08-067, a Windows RPC vulnerability
>> * Conficker, an infection by the Conficker worm
>> * Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally
>> found in Windows 2003
>>
>> The NASL script in Nessus only checks for the presence of conficker
>> (conficker responds to certain RPC calls with specific error codes).
>>
>> So, if you are scanning a large network (class B for example), I'd lean
>> towards the Nessus plugin if it's speed you're after. Of course, it's not a
>> bad idea to check for the MS08-067 vulnerability while you're at it :)
>>
>> Also, there is another Nessus plugin that will help detect Conficker:
>>
>> http://www.nessus.org/plugins/index.php?view=single&id=35322
>>
>> It detects:
>>
>> "Regardless of the request that's made, the remote web server returns a
>> Microsoft executable."
>>
>> Which is behavior exhibited by Conficker.A.
>>
>> Cheers,
>> Paul
>>
>> Albert R. Campa wrote:
>>> Interesting, so not having looked at this yet, what's the difference
>>> between that and scanning with Nessus?
>>>
>>>
>>> __________________________________
>>> Albert R. Campa
>>>
>>>
>>> 2009/3/30 John Sawyer <[email protected]>
>>>
>>> The Conficker check is in the latest SVN version of Nmap. It's in
>>> the smb-check-vulns.nse which now checks for Conficker, MS08-067 and
>>> a regsvc DoS.
>>>
>>> nmap --script smb-check-vulns.nse -p445
>>>
>>> For safety's sake, you might want to also run it with
>>> --script-args=unsafe=1 to prevent possible crashes from the regsvc
>>> check. That should not turn off the conficker check.
>>>
>>> -jhs
>>>
>>> On Mar 30, 2009, at 11:10 AM, Chris Merkel wrote:
>>>
>>>> According to this:
>>>> http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/
>>>>
>>>> A script should be released today to scan for conficker-infected
>>>> machines over the wire.
>>>>
>>>> I looked at the NSE portal and haven't seen anything yet - would it
>>>> show up there, or is there a development site or repository where
>>>> this will first appear?
>>>>
>>>> I'd like to get a scan in before April 1st, when variant C drops.
>>>>
>>>> --
>>>> - Chris Merkel
>>>>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
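
The behavior that Nessus plugin 35322 is quoted as detecting in the thread above ("Regardless of the request that's made, the remote web server returns a Microsoft executable"), sketched as an added example that is not part of the original thread and is not the Nessus plugin's code. The function names, request paths and response bytes are constructed for illustration, and the PE test is a generic header check assumed here, not the plugin's actual logic.

```python
import struct

def is_pe(body: bytes) -> bool:
    """True if body has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def http_body(raw: bytes) -> bytes:
    """Body of a raw HTTP response; empty if the header terminator is missing."""
    return raw.partition(b"\r\n\r\n")[2]

def serves_exe_for_everything(responses: dict) -> bool:
    """responses: request path -> raw response bytes already captured from one host.
    Flags the host only when several unrelated paths all come back as executables."""
    if len(responses) < 2:
        return False  # a single sample cannot show "regardless of the request"
    return all(is_pe(http_body(raw)) for raw in responses.values())

# --- constructed sample data (not real captures) ---
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
OK_EXE = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n" + FAKE_PE
NOT_FOUND = b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n<h1>Not Found</h1>"

# Every path, including a nonsense one, returns an executable.
SUSPICIOUS_HOST = {"/": OK_EXE, "/index.html": OK_EXE, "/zq81x": OK_EXE}
# A normal server that legitimately hosts one installer is not flagged.
NORMAL_HOST = {"/": NOT_FOUND, "/downloads/setup.exe": OK_EXE, "/zq81x": NOT_FOUND}

if __name__ == "__main__":
    for name, host in (("suspicious", SUSPICIOUS_HOST), ("normal", NORMAL_HOST)):
        print(name, serves_exe_for_everything(host))
```

Requiring the match across several unrelated paths is what keeps an ordinary download server from being flagged.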
