Hosting Provided By

RE: Command Line RPC vulnerability scanner?

From: Russell Fulton <r.fulton(at)auckland.ac.nz>
Date: Sun Aug 03 2003 - 21:42:48 EDT

On Sat, 2003-08-02 at 10:54, Chris wrote:

> Scanms returns wrong answer when you disabled DCOM on the target box.

I have noticed the same, not just for the ISS scanner but also for the eeye scanner and Nessus. My guess it that the scanners are a bit simple minded and are not checking that dcom is running before sending a probe. When they don't get the correct response to the probe they simply assume it is vulnerable.

I've notified IIS, Eeye and Nessus about the problem.

-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Received on Mon Aug 4 11:36:01 2003

This message: [ Message body ]
Next message: att13543: "RE: WORM_MIMAIL.A Anyone have any info on what this does yet?"
Previous message: Schrack, Robert: "RE: Pdmin / Trojaned csrss.exe"
Maybe in reply to: JAMIE CRAWFORD: "Command Line RPC vulnerability scanner?"
In reply to Makoto Shiotsuki: "Re: Command Line RPC vulnerability scanner?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:14 EDT