Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: MSBlast CLI scanner (unix)?

  • From: Ingevaldson, Dan (ISS Atlanta)
  • Date: Fri Aug 15 16:56:45 2003


There is no reliable way to detect if a computer is infected with
blaster without logging into it and looking for the reg key or the
executable.  The backdoors (tftp and 4444) are not permanent.  ISS
X-Force released a great scanner for the vulnerability itself.  It does
two different checks to see if a box is patched, and it will detect the
difference between a machine that has DCOM disabled or if it is patched.
It's available here:

Daniel Ingevaldson
Engineering Manager, X-Force R&D 
Internet Security Systems, Inc.
The Power to Protect 

-----Original Message-----
From: David A. Ulevitch [] 
Sent: Friday, August 15, 2003 4:34 PM
Subject: MSBlast CLI scanner (unix)?


I've seen a couple of the windows-based MSBlast scanners but I'm looking
for a unix tool to simply plug in an IP/netmask and have it scan via the
command line and return the status of the vulnerability (patched,
unaffected, exploited, etc).

Has anyone found or heard of one that runs on *nix or have any other


   David A. Ulevitch -- -+-
Campus Box 6957 + Washington University in St. Louis

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.