Netsend and Selfscan

Phil.Rodrigues at uconn.edu Phil.Rodrigues at uconn.edu
Mon Oct 27 20:13:16 GMT 2003


Hi all,

I got a few requests for the netsend and selfscan scrips we use, so here 
they are.  Mike Lang of UConn made netsend.pl, and Mike and Josh Richard 
of the University of Minnesota - Duluth worked on selfscan.pl.  I don't 
really do much of anything. :-)

Attached are the files we use for our network self-scanner.  It is the 
method we use to get the attention of the thousands of users that 
sometimes fall through the support cracks, and to encourage them to patch 
their computers.  These are all geared towards MS03-039 right now, but can 
be used for pretty much anything if you insert the proper scanner.  The 
zip file contain three folders:

netsend: Contains the files needed to send mass netsend pop-ups directing 
hosts to the selfscanner.  netsend.pl is the code, message.txt is the 
message you want to send, and ips.txt are the hosts you want to send the 
pop-ups to.  We used rpcscan to make lists of vulnerable ips, but you 
could use whatever scanner you like.  You can just use netsend.pl to get 
people's attention without directing them to selfscan if you prefer - just 
change the message.

html: Contains the webpages needed for the selfscanner.  index.html is the 
splash page they are directed to from the netsend, and it has the link 
they follow to really start selfscan.  vulnerable.html has the patches 
they need and simple instructions on how to download and install them. 
not-vulnerable.html tells them to have a nice day.  error.html suggests 
they install the patch anyway since we could not tell them if they need it 
or not.  I took the images out for size, but be sure to take a screenshot 
of the netsend and link it to index.html so people know the netsend they 
got was somewhat legit.  We host the patches on that server as well, but I 
changed them to .txt to keep this file small.

Here it is in action.  You can add vulnerable.html. etc in the URL to see 
the other pages.

http://turkey.uits.uconn.edu/selfscan/

cgi-bin: Contains the perl code used in the selfscanner.  The index.html 
in the html directory links to this, and it in turn bounces them to 
vulnerable.html or not-vulnerable.hmtl depending on what the scanner 
returns.  This version relies on nmap and rpcscan to be installed, but I 
think all of the variables are documented in it.  I think this is fairly 
portable, but there still may be UConn-specific references buried in it 
somewhere.  Don't try to run this without reading it first. :-)

rpcscan is here:

http://www.security.uconn.edu/netregscan/

netsend is probably useful to some people immediately.  selfscan is tied 
to rpcscan right now, which is specific to MS03-039.  We are hoping to 
update rpcscan for the messenger vulnerability, after which I may put all 
of this on a site for people to use.

Feel free to shoot me an email if you have a question.

Phil

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: selfscan.zip
Type: application/zip
Size: 9406 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20031027/bda24612/selfscan-0003.zip


More information about the unisog mailing list