[unisog] Updated NetReg Scanner

Phil.Rodrigues at uconn.edu Phil.Rodrigues at uconn.edu
Mon Sep 15 15:33:15 GMT 2003


We have released a new version of rpcscan, version 0.3.  Last week's 
release was fast in case something nasty came out soon, this release 
attempts to be much more thorough.  It incorporates all of the changes 
people sent in to us (thanks!!).

New Features:

- Class B scanning (Jordan Wiens at ufl.edu) 
- Timeout option (-t) now takes milliseconds instead of seconds 
- Default timeout increased from 0.5ms to 300ms 
- Received timeout increased from 300ms to 3 seconds 
- Usage docs improved 
- Results output improved 
- Error reporting improved 
- Code can be switched between CLI and NetReg modes by setting #define CLIMODE 

Instead of constantly bombarding you with news of new releases we have 
made a webpage.  Check it out if you want to see if there is a new version 
or to report a bug.

http://www.security.uconn.edu/netregscan/

Please submit any questions, comments, and changes to security at uconn.edu.  
This is a community effort, and your help and feedback are encouraged.

Phil

PS - The Class B scan is occasionally unstable.  If you are a programmer 
and want to take a shot at fixing it let us know. 

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================





Phil.Rodrigues at uconn.edu
09/11/2003 03:17 PM

 
        To:     unisog at sans.org
        cc: 
        Subject:        [unisog] Updated NetReg Scanner



Hi all,

Here are two new Linux command-line scanners that you can use to find
hosts that are vulnerable to both MS03-026 (old) and MS03-039 (new).  If
you are using NetReg Scanner in your network you should upgrade to this
latest version as soon as is reasonable.  These scanners should now work
as well as the recently updated Microsoft and EEye scanners.

rpcscan2.c - The new code you should use in your NetReg Scanner to
properly detect hosts that are vulnerable to MS03-039.  It returns results
that only make sense to NetReg Scan (1 or 0).  It should compile on most
Linux distros with the following command: gcc -o rpcscan2 rpcscan2.c

http://security.uconn.edu/netregscan/rpcscan2.c

rpcscan_range2.c - A command-line Linux scanner that accepts address
ranges instead of just a single address.  It is the fastest way we have
found to scan Class C size networks.  It returns more human-readable
results than rpcscan2.c.  It should compile on most Linux distros with the
following command: gcc -o rpcscan_range2 rpcscan_range2.c

http://security.uconn.edu/netregscan/rpcscan_range2.c

(We would love for someone to hack that to scan Class Bs.)

We have also updated the jumppage.cgi that is the heart of the NetReg
Scanner.  It references the updated scanner to return proper results.  It
is bundled with the rpcscan2.c into a single bzipped file.

http://security.uconn.edu/netregscan/jumppage.cgi.txt
http://security.uconn.edu/netregscan/netreg-mod2.tar.bz2

If you have questions or comments about these tools please direct them to
security at uconn.edu.  We tried to get them out as fast as possible, but we
also tried to test them fairly thoroughly.

Thanks to Mike Lang and Keith Bessette of the University of Connecticut,
Josh Richard of the University of Minnesota-Duluth, and anyone else I may
have missed.

Phil

PS - Nessus plugin ID 11835 should detect the new vulnerability if you are
using that:

http://cgi.nessus.org/plugins/dump.php3?id=11835
