RE: Determining Trojans, File & Print Sharing, Services running remotely on W2K

From: Scott, Joshua (Joshua.Scott@Jacobs.com)
Date: Fri May 10 2002 - 12:23:13 EDT


Try using the Nessus scanner and only scan for known Trojans. This will at
least give you a list of any known Trojans that are running.

Joshua Scott
Security Systems Analyst
626-568-7024

-----Original Message-----
From: Jason [mailto:cisspstudy@yahoo.com]
Sent: Thursday, May 09, 2002 4:03 PM
To: pen-test@securityfocus.com
Subject: Determining Trojans, File & Print Sharing, Services running
remotely on W2K

I will be performing a workstation audit on 300 W2k
workstations across the network.

I need to scan to see:
1. If there are any trojans running on these hosts.
2. Whether shares are activated on these hosts.
3. Whether anti-virus is installed.

I will have domain administrator rights and all
workstations are in the windows NT 4.0 domain.

What tools do people recommend for performing each of these
steps? I will be scanning for workstations within a
specific IP range.

For Trojan Scanning I have seen tools like TFAK. But I am
not sure how good it is and I know it can't be run on a
block of IPs.

For determining whether shares are activated maybe I could
use something like Legion?

For determining whether anti-virus is installed I need a
tool that can dump a list of services running on a remote
host for a block of IP addresses.

Any help appreciated.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT