[Dshield] OK, who's the wise guy? (odd stuff in DShield server log....)

jayjwa jayjwa at atr2.ath.cx
Sun Mar 5 12:39:10 GMT 2006


On Sat, 4 Mar 2006, Johannes B. Ullrich wrote:

-> DFind, a web-vulnerability scanner, is using the 'isc.sans.dfind' string
-> to identify itself. Not sure why.
-> (Its not that the ISC is involved in the development of the tool).

Odd... I have that tool, but no strings in it that look like that. I believe 
it's by class101. My version is focused on things like Radmin and WINS 
vulns...

OK, new version out. I'm guessing he's expanded the scope of it. A few too 
many traffic redirects (paypal.com, alienware, elsenot.com, etc,etc), 
mandatory javascript, and a board that requires sign-up just to view the rules 
will keep me from updating this one. Wait for it on packetstorm or wherever.


At http://isc.sans.org/diary.php?storyid=900:

"We at the Internet Storm Center distance ourselves from this tool that this 
labeled by at least one security company as a hacker tool".

Just to point out, Nmap is labeled "hacker tool" as well as many other things, 
even Netcat by some. Old versions of Pestpatrol even had a listing for "linux 
kernel" and told how to remove it. If you consider vulnerability scanners as 
hacker tools, certainly Nessus is grand-daddy of them.



More information about the list mailing list