mydoom_scan.c

James Macdonell jmacdone at csusb.edu
Tue Feb 10 21:37:05 GMT 2004


We've been able to discover some Mydoom infections with this program.
If it works for you, please let us know.

Compiling
=========
Linux:
gcc -o mydoom_scan mydoom_scan.c

Solaris:
gcc -lnsl -lsocket -o mydoom_scan mydoom_scan.c


Usage
=====
./mydoom_scan [options] address
	-- check address.
./mydoom_scan [options] first_address last_address
	-- check a range of addresses.

Options:
-h       	displays help
-t sec 	seconds to timeout on connect (default 1)
-u usec	microseconds to timeout on connect (default 500000)
       	(-t and -u will be added together (e.g. default 1.5s))
-c n   	maximum number of child processes (default n=30)

Examples
========
#test one box
./mydoom_scan 192.168.1.3

#test a few boxes
./mydoom_scan 192.168.4.1 192.168.4.127

#test a bunch of boxes on a fast machine
./mydoom_scan -c 300 192.168.1.1 192.168.127.254 | \
grep -v "no response"

-- 
James Macdonell <jmacdone at csusb.edu>
Information Security Analyst
CSU San Bernardino
Phone: 909.880.7262 Fax: 909.880.7189
PGP: http://security.csusb.edu/~jmacdone/pgp.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mydoom_scan.c
Type: text/x-c
Size: 10194 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20040210/e44c88ab/mydoom_scan-0003.bin

