RE:New Version of Retina Nimba Scanner

Sun, 23 Sep 2001 16:50:26 -0700 

Yes, false positives here too...

Brendan Murphy
University of Colorado at Denver

On Fri, 21 Sep 2001, John Stauffacher wrote:

> All,
>
> I just ran this scanner and am picking up more false positives than real
> infections. Not only did it pick up all my Macs (they arent even running
> Dave or have any SMB shares), it picked up my indigo and my Snap Server
> (tell me how a snap server gets infected by this?). I realize that
> diagnosing these things is a shot in the dark - but, telling me "open
> guest share" when the machine is not sharing anything (or even listening
> on 139) is kinda a mis-nomer an a cause for panic (130 "infected" out of
> 253 possible)...anyone else seen this kind of false positive from the
> scanner?
>
> -John Stauffacher
>
> +-------------------------+
> ! John Stauffacher        !
> ! Network Administrator   !
> ! Chapman University      !
> ! [EMAIL PROTECTED] !
> +-------------------------+
>
> >
> Date: Thu, 20 Sep 2001 17:31:06 -0700
> From: info <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: New Version of Retina Nimba Scanner
>
> A new version of Nimda Scanner has just been posted to the eEye web site
> that will also detect open shares on systems which is a common trait of an
> infection.
>
> http://www.eeye.com/html/Research/Tools/nimda.html
>
> Signed,
> eEye Digital Security
> T.949.349.9062
> F.949.349.9538
>
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>

Brendan Murphy
Network, Video, and DSL Services
University of Colorado-Denver
Computing, Information & Network Services (CINS)
~~~
TEL 303-556-4308
FAX 303-556-2318
~~~
"It's more than just a race, it's a style.  It's doing
something better than anyone else.  It's being creative."
     - Steve Prefontaine

Reply via email to