[Dshield] OK, who's the wise guy? (odd stuff in DShield server log....)
jayjwa at atr2.ath.cx
Sun Mar 5 12:39:10 GMT 2006
On Sat, 4 Mar 2006, Johannes B. Ullrich wrote:
-> DFind, a web-vulnerability scanner, is using the 'isc.sans.dfind' string
-> to identify itself. Not sure why.
-> (Its not that the ISC is involved in the development of the tool).
Odd... I have that tool, but no strings in it that look like that. I believe
it's by class101. My version is focused on things like Radmin and WINS
OK, new version out. I'm guessing he's expanded the scope of it. A few too
many traffic redirects (paypal.com, alienware, elsenot.com, etc,etc),
will keep me from updating this one. Wait for it on packetstorm or wherever.
"We at the Internet Storm Center distance ourselves from this tool that this
labeled by at least one security company as a hacker tool".
Just to point out, Nmap is labeled "hacker tool" as well as many other things,
even Netcat by some. Old versions of Pestpatrol even had a listing for "linux
kernel" and told how to remove it. If you consider vulnerability scanners as
hacker tools, certainly Nessus is grand-daddy of them.
More information about the list