Vulnerability Scanning archives - IT Trenches
Home > IT Blogs > IT Trenches >

IT Trenches:

vulnerability scanning

Nov 19 2009   3:21PM GMT

Online Nmap video training - scan your network



Posted by: Troy Tate
nmap, scanning, penetration testing, vulnerability scanning, host identification, blackhat, whitehat, hacker, network testing, education, network analysis, training, online training, free training, training resources

Nmap has been around a long time. It has become an indispensable tool for identifying systems, services and vulnerabilities on a network. It has also been featured in movies like The Matrix Reloaded, Bourne Ultimatum and Die Hard 4. What other network tool do you have in your toolkit that is a movie star?

I came across a great training resource for Nmap. It is a video by the author of Nmap, Gordon “Fyodor” Lyon. This particular video is from Defcon 16 Black Hat Briefings 2008. It is a great video because you learn some tips and tricks from the Nmap master. Take some time and learn about scan timing settings in Nmap that can get you results much faster. Learn also about analyzing responses of firewalled hosts versus non-firewalled hosts. The tips I learned in this video made a big difference in getting my job done.

The CosmoLearning website has a lot of excellent computer science content. This is a website to bookmark if you are a computer professional or student. You will find something of interest whether it be artificial intelligence, computer graphics, programming theory, or robotics.

Thanks for reading & let’s continue to be good network citizens!

AddThis Social Bookmark Button     0 Comments     RSS Feed     Email a friend

Mar 31 2009   3:32PM GMT

Simple Conficker Scanner tool released - find the infected machines



Posted by: Troy Tate
honeynet, diagnostic tools, Conficker, ms08-067, antivirus, patches, anti-virus, detection, scanning, vulnerability scanning, vulnerability

A Simple Conficker Scanner (SCS) tool has been released by members of the Honeynet Project. This tool can be run under linux or Windows. It runs a specially crafted RPC query against a host or range of IP addresses. The tool will tell if systems are clean or potentially infected. I am running this tool against hosts on my network and I found a Windows 2000 server apparently infected by Conficker. I am in the process of clean-up on that host. It looks like a couple of things contributed to the infection on this computer:

1. Out of date anti-virus. The antivirus signatures had not been updated since January 2008.

2. Microsoft patches not applied.

Folks, the advice about maintaining up-to-date AV and applying patches is good advice. Heed the warnings and save yourself some troubles of clean-up. I will be having a discussion with my operations team about this situation and make it clear that we should have been prepared for this and this situation should not have arisen.

I am also following the advice from McAfee on Combating the Conficker worm

For more details on how the Conficker worm actually works, follow the links in my blog

The Conficker Analysis - are you ready for April 1?

Thanks for reading. Let’s continue to be good network citizens.

AddThis Social Bookmark Button     0 Comments     RSS Feed     Email a friend