Thanks!  That helps a lot.  However, my results aren't quite what I'd
hoped.  Every machine that has 445 open, I get the result below.  What would
make the Conficker scan fail?  Suggestions?  Thanks


PORT    STATE SERVICE

445/tcp open  microsoft-ds

Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|  Conficker: ERROR: SMB: Failed to receive bytes: ERROR
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)



Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?


2009/3/31 Russell Butturini
<[email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]>
>

>  I found you need to add the –vv (very verbose) flag using that command.
> Otherwise you don’t see the script results.  See below:
>
>
>
> Discovered open port 445/tcp on x.x.x.x
>
> Completed SYN Stealth Scan at 09:29, 0.00s elapsed (1 total ports)
>
> NSE: Initiating script scanning.
>
> Initiating NSE at 09:29
>
> Completed NSE at 09:29, 0.50s elapsed
>
> Host x.x.x.x appears to be up ... good.
>
> Scanned at 2009-03-31 09:29:47 Central Daylight Time for 1s
>
> Interesting ports on x.x.x.x:
>
> PORT    STATE SERVICE
>
> 445/tcp open  microsoft-ds
>
> MAC Address: 00:11:25:E9:04:52 (IBM)
>
>
>
> Host script results:
>
> |  smb-check-vulns:
>
> |  MS08-067: FIXED
>
> |  Conficker: Likely CLEAN
>
> *From:* 
> [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]>[mailto:
> [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]>]
> *On Behalf Of *Dan Baxter
> *Sent:* Tuesday, March 31, 2009 9:01 AM
> *To:* PaulDotCom Security Weekly Mailing List
> *Subject:* Re: [Pauldotcom] Scanning for Confiker via nmap
>
>
>
> So forgive my lack of nmap-fu, but if I run this what am I looking for?  I
> get back responses that list some with 445 open, some closed and a few
> filtered.  How do I determine which may be infected.
>
>
> for clarification I'm running nmap -p 445 --script smb-check-vulns.nse
>
> Thanks
>
> Dan Baxter
> -------------------------------------------------
> Quis custodiet ipsos custodes?
>
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]>
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Reply via email to