Solution.
#sudo nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445 -d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64 -oA conficker_scan 192.168.1.0-254 > conficker
On the machine, update XP to SP3, apply the fixes, and also see http://brazil.kaspersky.com/recursos/combater-conficker
The nice thing about Nmap is that its output makes it easy to spot an infected machine.
Nmap scan report for 192.168.1.110
Host is up, received arp-response (0.0097s latency).
Scanned at 2014-04-03 16:32:49 BRT for 2s
PORT STATE SERVICE REASON
445/tcp open microsoft-ds syn-ack
MAC Address: 00:1D:1A:03:6E:F8 (OvisLink S.A.)
Host script results:
| smb-check-vulns:
| MS08-067: CHECK DISABLED (remove 'safe=1' argument to run)
| Conficker: Likely INFECTED (by Conficker.C or lower)
| regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
| SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)
| MS06-025: CHECK DISABLED (remove 'safe=1' argument to run)
|_ MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)
Final times for host: srtt: 9730 rttvar: 15146 to: 100000
Marcos Carraro
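To triage a whole /24 instead of reading the report host by host, the following added example (not part of the original post) parses Nmap's normal-format output, such as the conficker_scan.nmap file written by -oA, and lists the hosts whose smb-check-vulns result reports Conficker. The sample input is constructed: the first host reuses the result shown above, while the second host and its "Likely CLEAN" line are assumptions for illustration.

```python
import re

# Constructed sample in Nmap normal output format (the .nmap file from -oA).
# Host 1 reuses the result shown in the post; host 2 is made up.
SAMPLE = """\
Nmap scan report for 192.168.1.110
Host is up, received arp-response (0.0097s latency).
445/tcp open microsoft-ds syn-ack
MAC Address: 00:1D:1A:03:6E:F8 (OvisLink S.A.)
Host script results:
| smb-check-vulns:
| MS08-067: CHECK DISABLED (remove 'safe=1' argument to run)
| Conficker: Likely INFECTED (by Conficker.C or lower)
|_ MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)
Nmap scan report for 192.168.1.111
Host is up, received arp-response (0.0051s latency).
445/tcp open microsoft-ds syn-ack
MAC Address: 00:00:5E:00:53:01 (Constructed)
Host script results:
| smb-check-vulns:
| Conficker: Likely CLEAN
|_ MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)
"""

HOST = re.compile(r"^Nmap scan report for (.+)$")
MAC = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")
CONFICKER = re.compile(r"^\|_?\s*Conficker: (.+)$")

def conficker_results(text):
    """Return one dict per host that produced a Conficker result line."""
    results, host, mac = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if m := HOST.match(line):
            host, mac = m.group(1), None  # a new host block starts here
        elif m := MAC.match(line):
            mac = m.group(1)
        elif (m := CONFICKER.match(line)) and host:
            status = m.group(1)
            results.append({"host": host, "mac": mac, "status": status,
                            "infected": "INFECTED" in status})
    return results

def infected_hosts(text):
    """Hosts to isolate and clean first."""
    return [r["host"] for r in conficker_results(text) if r["infected"]]

if __name__ == "__main__":
    for r in conficker_results(SAMPLE):
        flag = "INFECTED" if r["infected"] else "not flagged"
        print(f'{r["host"]:15} {r["mac"]} {flag:12} {r["status"]}')
```

To run it against a real scan, pass the contents of the .nmap file to conficker_results() in place of SAMPLE.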