[unisog] Updated NetReg Scanner

Greg Fuller gfuller at Oswego.EDU
Fri Sep 12 01:33:38 GMT 2003


Has anyone been able to get this new version to compile under Solaris?  We
are using Solaris 9, and didn't have any problems compiling the old
version using "gcc -lsocket -lnsl -o rpcscan rpcscan.c".  With the new
code below when I run it I get a "failed to set timeout" error.  I'm no
programmer.  Anyone seeing this error and can help out?  Thanks!

--greg


Gregory A. Fuller
Associate Network Administrator
State University of New York at Oswego
Phone: (315) 312-5750
http://www.resnet.oswego.edu


On Thu, 11 Sep 2003 Phil.Rodrigues at uconn.edu wrote:

>
> Hi all,
>
> Here are two new Linux command-line scanners that you can use to find hosts
> that are vulnerable to both MS03-026 (old) and MS03-039 (new).  If you are
> using NetReg Scanner in your network you should upgrade to this latest
> version as soon as is resonable.  These scanners should now work as well as
> the recently updated Microsoft and EEye scanners.
>
> rpcscan2.c - The new code you should use in your NetReg Scanner to properly
> detect hosts that are vulnerable to MS03-039.  It returns results that only
> make sense to NetReg Scan (1 or 0).  It should compile on most Linux
> distros with the following command: gcc -o rpcscan2 rpcscan2.c
>
> http://security.uconn.edu/netregscan/rpcscan2.c
>
> rpcscan_range2.c - A command-line Linux scanner that accepts address ranges
> instead of just a single address.  It is the fastest way we have found to
> scan Class C size networks.  It returns more human-readable results than
> rpcscan2.c.  It should compile on most Linux distros with the following
> command: gcc -o rpcscan_range2 rpcscan_range2.c
>
> http://security.uconn.edu/netregscan/rpcscan_range2.c
>
> (We would love for someone to hack that to scan Class Bs.)
>
> We have also updated the jumppage.cgi that is the heart of the NetReg
> Scanner.  It references the updated scanner to return proper results.  It
> is bundled with the rpcscan2.c into a single bzipped file.
>
> http://security.uconn.edu/netregscan/jumppage.cgi.txt
> http://security.uconn.edu/netregscan/netreg-mod2.tar.bz2
>
> If you have questions or comments about these tools please direct them to
> security at uconn.edu.  We tried to get them out as fast as possible, but we
> also tried to test them fairly thoroughly.
>
> Thanks to Mike Lang and Keith Bessette of the University of Connecticut,
> Josh Richard of the University of Minnesota-Duluth, and anyone else I may
> have missed.
>
> Phil
>
> PS - Nessus plugin ID 11835 should detect the new vulnerability if you are
> using that:
>
> http://cgi.nessus.org/plugins/dump.php3?id=11835
>
> =======================================
> Philip A. Rodrigues
> Network Analyst, UITS
> University of Connecticut
>
> email: phil.rodrigues at uconn.edu
> phone: 860.486.3743
> fax: 860.486.6580
> web: http://www.security.uconn.edu
>  =======================================
>
>



More information about the unisog mailing list