Find Those MyDoom Infected Machines on your network...


Confused

Elite Member
Nov 13, 2000
14,166
0
0
Didn't find anything on the network...hopefully it worked well and all are clean, and not a PICNIC error!! :)


 

vi edit

Elite Member
Super Moderator
Oct 28, 1999
62,484
8,345
126
My network is Doomless.

Yay for me!

Cool little utility. Thanks for sharing :)
 

FoBoT

No Lifer
Apr 30, 2001
63,084
15
81
fobot.com
just to clarify, this just searches for open ports that mydoom is known to create on infected boxen, it doesn't actually search the filesystem of any pc's


correct?

so if a mydoom variant were modified to use different ports, your .bat file would have to be modified to look for the new ports
 

hevnsnt

Lifer
Mar 18, 2000
10,868
1
0
Originally posted by: FoBoT
just to clarify, this just searches for open ports that mydoom is known to create on infected boxen, it doesn't actually search the filesystem of any pc's


correct?

so if a mydoom variant were modified to use different ports, your .bat file would have to be modified to look for the new ports


Exactly. However, all the variants so far are using the same ports. There is a lot of talk about a second wave coming, though, using those ports to exploit. Also, once you have the batch, you can see how easy it is to add/remove the ports to scan.
 

FreshPrince

Diamond Member
Dec 6, 2001
8,361
1
0
Does Netsky have ports also? My IDS is telling me that my mail server is sending out Netsky, but I still have not been able to locate the infected user(s).
 

hevnsnt

Lifer
Mar 18, 2000
10,868
1
0
Netsky doesn't, but the new mydoom.f opens port 1080, so you can fix the batch yourself. :p
 

WoundedWallet

Platinum Member
Oct 9, 1999
2,325
0
0
Well I spent a good part of the day with Mydoom.f, and it wasn't fun.

I still got 11 out of 500+ files infected left in a Linux server that I would rather have deleted. But got unlink errors while trying that.

If anyone has any suggestions on what to do, I'll start a new thread. At least I got my ports closed. Unless they are one of them port-knocking backdoors. Then I'm fudged, as this is an undocumented network and I can't log into the firewall.

This tool was heaven sent ;)
 

reicherb

Platinum Member
Nov 22, 2000
2,122
0
0
Is there any way to pass an entire class B subnet to the scanner? I'd like to scan 10.150.x.x to 10.159.x.x.

Thanks.