[Oisf-users] Alerts about MS08-067
C. L. Martinez
carlopmart at gmail.com
Tue Nov 5 11:42:53 UTC 2013
Hi all,
From time to time my Suricata sensors (all of them using release
1.4.6) trigger alerts about the MS08-067 vulnerability on my servers and/or
workstations (ten or fifteen times a day).
I run the following nmap script
http://nmap.org/nsedoc/scripts/smb-check-vulns.html to check for this
vulnerability, and the result is not vulnerable. For example:
root@debian01:/tmp# nmap --script smb-check-vulns.nse -p445 10.15.1.2
Starting Nmap 6.00 ( http://nmap.org ) at 2013-11-05 11:38 UTC
Nmap scan report for mytest.server.local (10.15.1.2)
Host is up (0.00049s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
Host script results:
| smb-check-vulns:
| MS08-067: NOT VULNERABLE
| Conficker: Likely CLEAN
| regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
| SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)
| MS06-025: CHECK DISABLED (remove 'safe=1' argument to run)
|_ MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)
Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
Then why is this alert triggered? Any ideas?
Thanks.