Netsend and Selfscan
Phil.Rodrigues at uconn.edu
Phil.Rodrigues at uconn.edu
Mon Oct 27 20:13:16 GMT 2003
I got a few requests for the netsend and selfscan scrips we use, so here
they are. Mike Lang of UConn made netsend.pl, and Mike and Josh Richard
of the University of Minnesota - Duluth worked on selfscan.pl. I don't
really do much of anything. :-)
Attached are the files we use for our network self-scanner. It is the
method we use to get the attention of the thousands of users that
sometimes fall through the support cracks, and to encourage them to patch
their computers. These are all geared towards MS03-039 right now, but can
be used for pretty much anything if you insert the proper scanner. The
zip file contain three folders:
netsend: Contains the files needed to send mass netsend pop-ups directing
hosts to the selfscanner. netsend.pl is the code, message.txt is the
message you want to send, and ips.txt are the hosts you want to send the
pop-ups to. We used rpcscan to make lists of vulnerable ips, but you
could use whatever scanner you like. You can just use netsend.pl to get
people's attention without directing them to selfscan if you prefer - just
change the message.
html: Contains the webpages needed for the selfscanner. index.html is the
splash page they are directed to from the netsend, and it has the link
they follow to really start selfscan. vulnerable.html has the patches
they need and simple instructions on how to download and install them.
not-vulnerable.html tells them to have a nice day. error.html suggests
they install the patch anyway since we could not tell them if they need it
or not. I took the images out for size, but be sure to take a screenshot
of the netsend and link it to index.html so people know the netsend they
got was somewhat legit. We host the patches on that server as well, but I
changed them to .txt to keep this file small.
Here it is in action. You can add vulnerable.html. etc in the URL to see
the other pages.
cgi-bin: Contains the perl code used in the selfscanner. The index.html
in the html directory links to this, and it in turn bounces them to
vulnerable.html or not-vulnerable.hmtl depending on what the scanner
returns. This version relies on nmap and rpcscan to be installed, but I
think all of the variables are documented in it. I think this is fairly
portable, but there still may be UConn-specific references buried in it
somewhere. Don't try to run this without reading it first. :-)
rpcscan is here:
netsend is probably useful to some people immediately. selfscan is tied
to rpcscan right now, which is specific to MS03-039. We are hoping to
update rpcscan for the messenger vulnerability, after which I may put all
of this on a site for people to use.
Feel free to shoot me an email if you have a question.
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut
email: phil.rodrigues at uconn.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 9406 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20031027/bda24612/selfscan-0003.zip
More information about the unisog