From: King, Michael (MKing@bridgew.edu)
Date: Thu Sep 11 2003 - 12:34:14 CDT
Hmm...
The code Uconn posted used nmap to scan computers, with an external DCOM
script.
They mentioned using Nessus at one point, but they found doing it the above
way was faster.
Would you mind posting the code to tie the Nessus Scanner into NetReg?
-----Original Message-----
From: Eric Gauthier [mailto:elg@bu.edu]
Sent: Thursday, September 11, 2003 11:50 AM
To: netreg@southwestern.edu
Subject: RE: NetReg: UConn's Residential Network Beat the Worms
Josh,
I asked our NetSec team and here's what they said:
"We updated our nessus scanner to use plugin 11835 and disabled
11808. This makes sure that everyone registering has the
latest patch. It seems to work so far."
Hope this helps.
Eric Gauthier
Network Engineer
617-353-8218 ~^~ elg@bu.edu
Boston University - Office of IT
-----Original Message-----
From: owner-netreg@southwestern.edu [mailto:owner-netreg@southwestern.edu]On
Behalf Of Chris Fabri
Sent: Thursday, September 11, 2003 10:28 AM
To: netreg@southwestern.edu
Subject: Re: NetReg: UConn's Residential Network Beat the Worms
It appears that Microsofts newest patch, 824146 for MS03-039 causes the
scanner UConn is using to report the machine as vulnerable.
Has anybody been able to update this scanner, or find another scanner that
can correctly catch the blaster worm and the new rpc vulnerability? chris
At 07:18 PM 8/25/2003 -0400, you wrote:
>The following is a note that UConn has sent out to various public lists
>over the Internet. We protected UConn's residential network using
>NetReg and with modified/improved code that Josh Richard of University
>of Minnesota - Duluth originally wrote. We hope this can help many of
>you.
>
>Thanks Josh!
>
>
>-----------------------------------------------------------------------
>--
>
>Hi all,
>
> >From August 21-24, 2003 we had 11,500 students return to the
> >residence
>halls. 9,100 students registered their computers through NetReg and
>successfully connected to the campus network and the Internet, mostly
>on Saturday and Sunday. We automatically scanned and identified 2,500
>(27%) of those computers as vulnerable and redirected them to a page
>where they downloaded and installed the patch. That is 2,500 computers
>that were patched without staff intervention, and that were not
>infected with the worm, and that did not generate a support phone-call
>or visit.
>
>We have documented all the steps we took and linked to all of the code
>we used. If your student population has not yet returned to campus,
>and you were already using NetReg to register them, you should be able
>to implement all of these steps we took:
>
>http://www.security.uconn.edu/uconn_response.html
>
>We are very interested in making this page useful to as many
>institutions as possible. If you have a specific suggestion or
>criticism please direct
>
>it to me or security@uconn.edu.
>
>Good luck!
>
>Phil
>
>=======================================
>Philip A. Rodrigues
>Network Analyst, UITS
>University of Connecticut
>
>email: phil.rodrigues@uconn.edu
>phone: 860.486.3743
>fax: 860.486.6580
>web: http://www.security.uconn.edu
>=======================================
>
>**********************************************************************
>To unsubscribe from this list, send an e-mail message to
>majordomo@southwestern.edu containing a single line with the words:
>unsubscribe netreg Send requests for assistance to:
>owner-netreg@southwestern.edu
>**********************************************************************
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg Send requests for assistance to:
owner-netreg@southwestern.edu
**********************************************************************
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg Send requests for assistance to:
owner-netreg@southwestern.edu
**********************************************************************
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:41 CDT