[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Nachi Worm

To: "Norman Girard" <ngirard@qualys.com>, "David Loyd" <2of2@unimatrix01.us>, <isp-security@isp-securtiy.com>
Subject: RE: [Full-Disclosure] Nachi Worm
From: "Discini, Sonny" <Sonny.Discini@montgomerycountymd.gov>
Date: Thu, 4 Dec 2003 17:24:20 -0500

Actually, if you scan for port 707 and it is open, you can be sure that
the box is infected. This is how we pinpoint Welchia/Nachia infections. 
 
 
Sonny Discini
Network Security Engineer
Department of Technology Services
Enterprise Infrastructure Division
Montgomery County Government
-----Original Message-----
From: Norman Girard [mailto:ngirard@qualys.com] 
Sent: Thursday, December 04, 2003 3:32 PM
To: David Loyd; isp-security@isp-securtiy.com
Cc: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Nachi Worm


Dave,
 
You can scan but only through the registry access. You need to provide
the login credentials of the domain...

        -----Original Message-----
        From: David Loyd [mailto:2of2@unimatrix01.us]
        Sent: Thursday, December 04, 2003 11:53 AM
        To: isp-security@isp-securtiy.com
        Cc: full-disclosure@lists.netsys.com
        Subject: [Full-Disclosure] Nachi Worm
        
        
        Does any one know if you can sacn of the nachi worm or the
rpc.dcom vulnerability with nessus
         
        Thanks
        
        Dave

Prev by Date: RE: [Full-Disclosure] Nachi Worm
Next by Date: [Full-Disclosure] [iSEC] Linux kernel do_brk() vulnerability details
Previous by thread: RE: [Full-Disclosure] Nachi Worm
Next by thread: [Full-Disclosure] [EXPLOIT] Windows XP Workstation New Exploit (MS03-049)
Index(es):
- Date
- Thread