[opensuse-factory] nmap update for detecting Conficker?
I wonder if the current nmap version for openSUSE 11.1 is capable to detect Conficker infected machines on the network, or if the latest version of nmap is required as described in the Linux Journal? http://www.linuxjournal.com/content/detecting-conficker-linux-tools Rgds, Terje J. Hanssen -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thu, Apr 02, 2009 at 12:09:59PM +0200, Terje J. Hanssen wrote:
I wonder if the current nmap version for openSUSE 11.1 is capable to detect Conficker infected machines on the network, or if the latest version of nmap is required as described in the Linux Journal? http://www.linuxjournal.com/content/detecting-conficker-linux-tools
The article states that you 'You MUST get nmap-4.85BETA5' (or later). In 11.1, there is nmap-4.75, so it won't work. You have to build it yourself or try RPMs from nmap homepage: http://nmap.org/download.html (Linux RPM Source and Binaries) HTH -- Best regards / s pozdravem Petr Uzel, Packages maintainer --------------------------------------------------------------------- SUSE LINUX, s.r.o. e-mail: puzel@suse.cz Lihovarská 1060/12 tel: +420 284 028 964 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Petr Uzel schrieb:
On Thu, Apr 02, 2009 at 12:09:59PM +0200, Terje J. Hanssen wrote:
I wonder if the current nmap version for openSUSE 11.1 is capable to detect Conficker infected machines on the network, or if the latest version of nmap is required as described in the Linux Journal? http://www.linuxjournal.com/content/detecting-conficker-linux-tools
The article states that you 'You MUST get nmap-4.85BETA5' (or later). In 11.1, there is nmap-4.75, so it won't work.
You have to build it yourself or try RPMs from nmap homepage: http://nmap.org/download.html (Linux RPM Source and Binaries)
What I'm wondering is: Yes, obviously that's a new feature but one could argue that it's security relevant. Actually not for the openSUSE system but for detecting security issues. I'm just ignoring the BETA in the version number now but shouldn't a thing like that considered to be updated in certain cases even in released openSUSE versions? - if the package is a leaf package - the update itself has low risk - it's not far too much work Just an idea for consideration. Wolfgang -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On pá 3. dubna 2009, Wolfgang Rosenauer wrote:
Petr Uzel schrieb:
On Thu, Apr 02, 2009 at 12:09:59PM +0200, Terje J. Hanssen wrote:
I wonder if the current nmap version for openSUSE 11.1 is capable to detect Conficker infected machines on the network, or if the latest version of nmap is required as described in the Linux Journal? http://www.linuxjournal.com/content/detecting-conficker-linux-tools
The article states that you 'You MUST get nmap-4.85BETA5' (or later). In 11.1, there is nmap-4.75, so it won't work.
You have to build it yourself or try RPMs from nmap homepage: http://nmap.org/download.html (Linux RPM Source and Binaries)
What I'm wondering is: Yes, obviously that's a new feature but one could argue that it's security relevant. Actually not for the openSUSE system but for detecting security issues. I'm just ignoring the BETA in the version number now but shouldn't a thing like that considered to be updated in certain cases even in released openSUSE versions? - if the package is a leaf package - the update itself has low risk - it's not far too much work
Just an idea for consideration.
IMHO this is a typical case where the users, who need it, can install from specialized OBS repository. Vladimir -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Petr Uzel wrote:
On Thu, Apr 02, 2009 at 12:09:59PM +0200, Terje J. Hanssen wrote:
I wonder if the current nmap version for openSUSE 11.1 is capable to detect Conficker infected machines on the network, or if the latest version of nmap is required as described in the Linux Journal? http://www.linuxjournal.com/content/detecting-conficker-linux-tools
The article states that you 'You MUST get nmap-4.85BETA5' (or later). In 11.1, there is nmap-4.75, so it won't work.
You have to build it yourself or try RPMs from nmap homepage: http://nmap.org/download.html (Linux RPM Source and Binaries)
HTH
I installed nmap-4.85BETA7-1 from http://nmap.org/download.html and on installation it wanted to remove my zenmap-4.75-6.38 . I tried the zenmap from nmap.org but it had strange python package dependencies so I ignored the zenmap-4.75-6.38 dependencies to keep the opensuse version and it worked complete with confiker detection. I didn't have the worm on the network so I can't confirm the detection abilities . Regards Dave P -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (5)
-
Dave Plater -
Petr Uzel -
Terje J. Hanssen -
Vladimir Nadvornik -
Wolfgang Rosenauer