RE: [Full-Disclosure] Re: Nachi Worm
Date: Thu Dec 04 2003 - 17:49:39 CST
> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com
> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
> Gabriel L. Somlo
> Sent: Thursday, December 04, 2003 4:48 PM
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Re: Nachi Worm
>
> I just use nmap to scan for machines listening on tcp port
> 707. Very few false positives, good scaling:
>
> nmap -sS -p707 -oG - AAA.BBB.0.0/16 | grep 'Ports: 707/open/tcp' \
> | cut -d' ' -f2 \
> | sort -t. -k3,3n -k4,4n \
> | mail -s "Nachi
> suspects" foo@bar.com
>
And *that* is why I love Unix. :-)
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Thu Dec 04 18:48:11 2003
This archive was generated by hypermail 2.1.8 : Thu Dec 04 2003 - 19:01:00 CST
