[Dshield] nachi/welchia

Mark Tombaugh mtombaugh at alliedcc.com
Thu Jan 8 18:15:15 GMT 2004


On Thursday 08 January 2004 12:21 pm, Richard Ginski wrote:
> We experienced the same thing yesterday. Does anyone know of a tool that
> will _remotely_ detect an infected system without using AV software?

Nachi opens up tcp 707 on the infected system, so you can use nmap or your 
point-n-drooler port scanner of choice to find them. 
e.g. "nmap -sS -p 707 192.168.1.0/24" etc. 

Or let the pig loose: <http://www.snort.org> 

-- 
Mark Tombaugh <mtombaugh at alliedcc.com>
Allied Computer Corporation <http://www.alliedcc.com>
USiHOST, iNC <http://www.usihost.com>
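
As an added example (not part of the original message): a shell filter that reads nmap's grepable output (`-oG -`) for the scan quoted above and prints only the hosts where TCP 707 is reported open. The function names and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick hosts with TCP 707 open out of nmap grepable output.

# Constructed sample of what `nmap -sS -p 707 -oG - 192.168.1.0/24` emits
# (addresses and results are made up; fields are tab-separated).
sample_scan() {
  printf '# Nmap scan (constructed sample)\n'
  printf 'Host: 192.168.1.10 ()\tPorts: 707/open/tcp//unknown///\n'
  printf 'Host: 192.168.1.11 ()\tPorts: 707/closed/tcp//unknown///\n'
  printf 'Host: 192.168.1.12 ()\tPorts: 707/filtered/tcp//unknown///\n'
  printf 'Host: 192.168.1.13 ()\tPorts: 7070/open/tcp//unknown///\n'
  printf 'Host: 192.168.1.14 (ws14)\tPorts: 135/open/tcp//msrpc///, 707/open/tcp//unknown///\n'
}

# Read grepable output on stdin, print one IP per line where 707/tcp is open.
# Closed and filtered results, and other ports such as 7070, are ignored.
nachi_candidates() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " "); ip = h[2]            # "Host: <ip> (<name>)"
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue        # skip Status:/Ignored State: fields
        n = split(substr($i, 8), ports, ", ") # drop the "Ports: " prefix
        for (j = 1; j <= n; j++) {
          split(ports[j], f, "/")             # port/state/proto/...
          if (f[1] == "707" && f[2] == "open" && f[3] == "tcp") print ip
        }
      }
    }'
}

# Demo on the constructed sample. Against a live scan of your own network:
#   nmap -sS -p 707 -oG - 192.168.1.0/24 | nachi_candidates
sample_scan | nachi_candidates
```

The resulting list is a set of candidates for follow-up: an open 707/tcp matches the behaviour described above but should be confirmed on the host before cleanup.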




