[unisog] Quick-and-dirty to find vulnerable systems

Anderson Johnston andy at umbc.edu
Mon Jul 30 22:04:33 GMT 2001


On Mon, 30 Jul 2001, Anne Bennett wrote:

>
> Anderson Johnston <andy at umbc.edu> writes:
>
> > If anyone has another method, please share.
> >
> >
> > 1.) Run nmap to check your network for port 80 and Windows systems.
> >
> > nmap -sS -O -p 80 -n -oM nmap.out <your network>
>
> I'm curious to know why you're using -sS instead of -sT.
>
> Also, it may turn out to be faster, on a large network, to skip "-O",
> and scan all your web servers with the script.
>
>
> Anne.
> --
> Ms. Anne Bennett, Senior Analyst, IITS, Concordia University, Montreal H3G 1M8
> anne at alcor.concordia.ca                                        +1 514 848-7606
>


-sS	Tradition, really.  The SYN-SYN/ACK-RST for a hit (or SYN-RST for
	a miss) is also quick and efficient in terms of packet exchanges.

-O	I included that so that I could distinguish Windows systems from
	Unix ones.  If you know that all the web servers on your network
	are Windows systems, then you can just look for port 80.  You
	could also look for port 80, 135 and 139, but there are enough
	surprises on our network that I decided to let nmap decide who
	was running Windows using its sig base.

Good call, though.  Avoiding the system ID phase speeds things up
considerably.  I'll try it after the first round of patching.

						- Andy

------------------------------------------------------------------------------
** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
** Distributed Systems Manager            * PGP key:(afj2000) 1024/F67035E1 **
** Office of Information Technology, UMBC *        5D 44 1E 2E A6 7C 91 7A  **
** 410-455-2583 (v)/410-455-1065 (f)      *        C4 66 5F D5 BA B9 F6 58  **
------------------------------------------------------------------------------
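The thread leaves the follow-up step implicit: once nmap has written its machine-readable file (`-oM` on the page; later nmap versions call the same format `-oG`), something has to pull out the hosts with port 80 open and decide which of them are Windows, either from the OS fingerprint or from the port 80/135/139 heuristic Andy mentions. The script below is an added example, not Andy's script or anything from the list; it assumes the grepable layout of tab-separated `Host:`, `Ports:` and `OS:` fields with comma-separated port entries, and the sample scan lines are constructed for the example. It implements both classifications and reports where they disagree, which is exactly the "surprises" case that motivated keeping `-O`.

```python
"""Shortlist Windows web servers from nmap grepable output (-oM / -oG).

Added example for the unisog thread; the input below is constructed and the
field layout (tab-separated "Host:", "Ports:", "OS:") is an assumption about
the grepable format, not something taken from the list message.
"""
import re

# Constructed sample scan of a /28, as nmap -sS -O -p 80,135,139 -n -oM would
# write it.  Hostnames are empty because -n disables reverse lookups.
SAMPLE_NMAP_OUT = """\
# constructed nmap grepable output, not a real scan
Host: 10.0.0.2 ()\tPorts: 80/open/tcp//http///, 135/closed/tcp//loc-srv///, 139/closed/tcp//netbios-ssn///\tOS: Linux 2.2.x
Host: 10.0.0.3 ()\tPorts: 80/open/tcp//http///, 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///\tOS: Windows NT4 / Win95 / Win98
Host: 10.0.0.4 ()\tPorts: 80/open/tcp//http///, 135/closed/tcp//loc-srv///, 139/closed/tcp//netbios-ssn///\tOS: Windows 2000
Host: 10.0.0.5 ()\tPorts: 80/closed/tcp//http///, 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///\tOS: Windows NT4 / Win95 / Win98
Host: 10.0.0.6 ()\tPorts: 80/open/tcp//http///, 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///\tOS: Linux 2.4.x
"""


def parse_grepable(text):
    """Return one dict per scanned host: ip, set of open TCP ports, OS guess."""
    hosts = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment/header lines start with '#'
        fields = {}
        for field in line.split("\t"):
            key, _, value = field.partition(": ")
            fields[key] = value.strip()
        match = re.match(r"(\S+)\s*\((.*?)\)", fields["Host"])
        ip = match.group(1) if match else fields["Host"].split()[0]
        open_ports = set()
        for entry in fields.get("Ports", "").split(","):
            entry = entry.strip()
            if not entry:
                continue
            parts = entry.split("/")  # port/state/proto/owner/service/rpc/version
            if len(parts) > 1 and parts[1] == "open":
                open_ports.add(int(parts[0]))
        hosts.append({"ip": ip, "open": open_ports, "os": fields.get("OS", "")})
    return hosts


def windows_by_os(host):
    """Classification from nmap's fingerprint (the -O route Andy chose)."""
    return "win" in host["os"].lower()


def windows_by_ports(host):
    """Classification from the 80/135/139 heuristic mentioned in the thread."""
    return {80, 135, 139} <= host["open"]


def web_hosts_to_patch(text, method="os"):
    """IPs with port 80 open that the chosen method calls Windows."""
    classify = windows_by_os if method == "os" else windows_by_ports
    return sorted(h["ip"] for h in parse_grepable(text)
                  if 80 in h["open"] and classify(h))


def disagreements(text):
    """Port-80 hosts where the fingerprint and the port heuristic differ."""
    return sorted(h["ip"] for h in parse_grepable(text)
                  if 80 in h["open"] and windows_by_os(h) != windows_by_ports(h))


if __name__ == "__main__":
    print("by OS fingerprint :", web_hosts_to_patch(SAMPLE_NMAP_OUT, "os"))
    print("by 80/135/139     :", web_hosts_to_patch(SAMPLE_NMAP_OUT, "ports"))
    print("worth a second look:", disagreements(SAMPLE_NMAP_OUT))
```

On the constructed data the two methods each miss a host the other catches: a Windows 2000 box serving only port 80 is dropped by the port heuristic, and a Unix box that happens to run an SMB stack is wrongly picked up by it. Running the disagreement list through a second, slower `-O` pass is a cheap way to get Anne's speed-up without losing the hosts that still need patching.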
