[unisog] IRC bot outbreaks
Ken.West at orst.edu
Wed Jul 31 19:16:30 GMT 2002
You can also use the Microsoft baseline security analysis tool for this.
From: Reg Quinton [mailto:reggers at ist.uwaterloo.ca]
Sent: Wednesday, July 31, 2002 11:21 AM
To: Anderson Johnston
Cc: unisog at sans.org
Subject: Re: [unisog] IRC bot outbreaks
> Q: What tools are you using to scan for blank administrative
I think I've shared this before ....
What I do is scan for port 139 (using nmap) and try to run a "dir" of
the c$ share as user administrator with a "" password (using smbclient).
I do that every day at about 13:00 from cron. What we do you can have:
I run from cron daily.
A tool to put a popup message on the user's screen.
These are simple shell scripts which use Samba for the nitty gritty,
nmap to identify machines. You'll need to carve a bit for your search
paths, etc. if you want to use them.
If you pick up the code you'll see I use a "contact" tool in the script
to identify system contacts so I can mail them a note -- that's too much
of a localism to share.
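
The daily check described in the message above, sketched as an added example; this is not Reg Quinton's script, which the archive does not include. The address-range argument, the function names and the report line are assumptions, and the sample scan output is constructed.

```shell
#!/bin/sh
# Added example: daily audit for a blank Administrator password.
# Assumed crontab entry (the post says "every day at about 13:00"):
#   0 13 * * * /usr/local/sbin/blank-admin-audit 192.0.2.0/24

# Read nmap grepable (-oG) output on stdin and print each address
# whose port list shows 139/tcp open.
open_139_hosts() {
    awk '/^Host: / && /Ports: / {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^139\/open\/tcp/) { print $2; break }
    }'
}

# Succeed if a "dir" of the c$ share works as user administrator
# with an empty password ("administrator%" = user, empty password).
blank_admin_password() {
    smbclient "//$1/c\$" -U 'administrator%' -c dir </dev/null >/dev/null 2>&1
}

# Scan the range given as $1 and print one line per host that
# accepted the blank password.
audit() {
    nmap -n -p 139 --open -oG - "$1" | open_139_hosts | while read -r host; do
        if blank_admin_password "$host"; then
            echo "$host: administrator has a blank password"
        fi
    done
}

# Constructed sample of nmap -oG output (documentation addresses),
# for trying the parser without touching the network.
sample_scan() {
    printf 'Host: 192.0.2.10 (pc1)\tPorts: 139/open/tcp//netbios-ssn///\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 139/closed/tcp//netbios-ssn///\n'
    printf 'Host: 192.0.2.12 ()\tStatus: Up\n'
}

# Run the audit only when a range is supplied on the command line.
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

The output of `audit` is what a cron wrapper would mail to the system contacts; the contact lookup and the popup tool mentioned in the message are not reproduced here.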