RE:New Version of Retina Nimba Scanner

From: John Stauffacher (stauffacat_private)
Date: Fri Sep 21 2001 - 10:13:08 PDT

    All,
    
    I just ran this scanner and am picking up more false positives than real
    infections. Not only did it pick up all my Macs (they aren't even running
    Dave or have any SMB shares), it picked up my indigo and my Snap Server
    (tell me how a snap server gets infected by this?). I realize that
    diagnosing these things is a shot in the dark - but, telling me "open
    guest share" when the machine is not sharing anything (or even listening
    on 139) is kinda a misnomer and a cause for panic (130 "infected" out of
    253 possible)...anyone else seen this kind of false positive from the
    scanner?
    
    -John Stauffacher
    
    +-------------------------+
    ! John Stauffacher        !
    ! Network Administrator   !
    ! Chapman University      !
    ! stauffacherat_private !
    +-------------------------+
    
    >
    Date: Thu, 20 Sep 2001 17:31:06 -0700
    From: info <infoat_private>
    To: incidentsat_private, security-basicsat_private
    Subject: New Version of Retina Nimba Scanner
    
    A new version of Nimda Scanner has just been posted to the eEye web site
    that will also detect open shares on systems which is a common trait of an
    infection.
    
    http://www.eeye.com/html/Research/Tools/nimda.html
    
    Signed,
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 11:13:11 PDT