From owner-freebsd-security Thu Mar 6 8:37:33 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 871A137B401 for ; Thu, 6 Mar 2003 08:37:31 -0800 (PST) Received: from mercury.ccmr.cornell.edu (mercury.ccmr.cornell.edu [128.84.231.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8EBCC43FB1 for ; Thu, 6 Mar 2003 08:37:30 -0800 (PST) (envelope-from mitch@ccmr.cornell.edu) Received: from ori.ccmr.cornell.edu (ori.ccmr.cornell.edu [128.84.231.243]) by mercury.ccmr.cornell.edu (8.12.8/8.12.8) with ESMTP id h26GbOTw001194; Thu, 6 Mar 2003 11:37:24 -0500 Received: from localhost (mitch@localhost) by ori.ccmr.cornell.edu (8.12.8/8.12.8) with ESMTP id h26GbOLF031989; Thu, 6 Mar 2003 11:37:24 -0500 X-Authentication-Warning: ori.ccmr.cornell.edu: mitch owned process doing -bs Date: Thu, 6 Mar 2003 11:37:23 -0500 (EST) From: Mitch Collinsworth To: Mike Tancsa Cc: freebsd-security@FreeBSD.ORG Subject: Re: network audit of sendmail In-Reply-To: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca> Message-ID: References: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 6 Mar 2003, Mike Tancsa wrote: > I want to go through my network to a) ensure all my machines are updated > and b)look for customer machines running vulnerable versions of > sendmail. I put together a quick perl script, but its sequential and does > not scan in parallel. (this is slow for 16,000 hosts). Can anyone recommend > a tool to do this ? Essentially all I want to do is connect to port 25, > grab the banner and record it next to the IP address. Nessus seems to be > way overkill and I dont see a way in nmap to record the banner > output. Before I spend time to figure out how to use threads (or fork off > processes) in perl, am I re-inventing the wheel so to speak ? Is there a > script out there to do this ? I tried looking through google but didnt find > anything Might it speed things up to go to a 2-pass setup? First nmap the whole network to see what hosts have port 25 open, then go back and collect banner info from just those hosts. For extra credit: pipe the output from the 1st pass into the input of the 2nd pass so it can start checking banners as soon as the 1st pass begins identifying candidates to check. -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message