On Sat, 2003-08-02 at 10:54, Chris wrote: > Scanms returns wrong answer when you disabled DCOM on the target box. > (run dcomcnfg, uncheck the "Enable Distributed COM on this computer" > checkbox) I have noticed the same, not just for the ISS scanner but also for the eeye scanner and Nessus. My guess it that the scanners are a bit simple minded and are not checking that dcom is running before sending a probe. When they don't get the correct response to the probe they simply assume it is vulnerable. I've notified IIS, Eeye and Nessus about the problem. -- Russell Fulton, Network Security Officer, The University of Auckland, New Zealand. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Aug 04 2003 - 08:34:36 PDT