RE: TFTP Scanner recommendation requested

From: Michael Gorsuch (mgorsuchat_private)
Date: Wed Aug 13 2003 - 14:26:50 PDT

  • Next message: cprestonat_private: "Re: Infrared Vulns on laptops"

    The first place I would start is NMAP - if any machine responds with
    that port open, it needs to be checked regardless if there is an
    operating tftp server or not.
    
    Hope this helps, 
    
    Michael Gorsuch
    Aiki Network Security and Solutions
    mgorsuchat_private
    http://www.aikinetworks.com
    
    
    -----Original Message-----
    From: Barry Fitzgerald [mailto:bkfsecat_private] 
    Sent: Wednesday, August 13, 2003 1:54 PM
    To: pen-testat_private
    Subject: TFTP Scanner recommendation requested
    
    Hello,
    
           First of all, my office just got completely pelted with a scan 
    looking for open udp/69 ports with tftp requests being made on each 
    port. (Our IDS alerted me to this). I know that msblast opens up that 
    port during the worm-infection period.  So, the fact that this is 
    happening right now is not surprising.  Is anyone else noticing this? (I
    
    know that we aren't infected with msblast, so it's not worm traffic - 
    and I have verified that this is an automated backdoor scan.)
    
           Anyway, the reason I'm writing this to the pen-test list is for a
    
    recommendation.  I'd like to keep my eye out for open tftp servers on my
    
    LAN just in case.  Does anyone have a recommendation for a tftp scanner 
    that can scan a range of IPs for functioning tftp listeners? 
    
           This is for professional defense and pen testing, obviously, and 
    not for a "how do I hack?" kind of BS request. :)
    
    
                    -Barry
    
    
    
    ------------------------------------------------------------------------
    ---
    ------------------------------------------------------------------------
    ----
    
    
    
    
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 15:42:07 PDT