Try using the Nessus scanner and only scan for know Trojans. This will at least give you a list of any know Trojans that are running. Joshua Scott Security Systems Analyst 626-568-7024 -----Original Message----- From: Jason [mailto:cisspstudyat_private] Sent: Thursday, May 09, 2002 4:03 PM To: pen-testat_private Subject: Determining Trojans, File & Print Sharing, Services running remotely on W2K I will be performing a workstation audit on 300 W2k workstations across the network. I need to scan to see: 1. If there are any trojans running on these hosts. 2. Whether shares are activated on these hosts. 3. Whether anti-virus is installed. I will have domain administrator rights and all workstations are in the windows NT 4.0 domain. What tools do people recommend for performing each of these steps? I will be scanning for workstations within a specific IP range. For Trojan Scanning I have seen tools like TFAK. But I am not sure how good it is and I know it can't be run on a block of IP's. For determining whether shares are activated maybe I could use something like Legion ? For determining whether anti-virus is installed I need a tool that can dump a list of services running on a remote host for a block of IP addresses. Any help appreciated. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ====================================================================================== NOTICE - This communication may contain confidential and privileged information that is for the sole use of the intended recipient. Any viewing, copying or distribution of, or reliance on this message by unintended recipients is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. ============================================================================== ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon May 13 2002 - 11:37:05 PDT