From owner-freebsd-security Thu Mar 6 12:36:42 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 99DC637B401 for ; Thu, 6 Mar 2003 12:36:39 -0800 (PST) Received: from mail.nessus.org (mail.nessus.org [63.105.37.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id 08D5D43F3F for ; Thu, 6 Mar 2003 12:36:39 -0800 (PST) (envelope-from deraison@nessus.org) Received: by mail.nessus.org (Postfix, from userid 66) id B5EC813622; Thu, 6 Mar 2003 15:41:50 -0500 (EST) Received: by hope.fr.nessus.org (Postfix, from userid 502) id A1A7F2B2; Thu, 6 Mar 2003 21:37:13 +0100 (CET) Date: Thu, 6 Mar 2003 21:37:13 +0100 From: Renaud Deraison To: freebsd-security@freebsd.org Subject: Re: network audit of sendmail Message-ID: <20030306203713.GA14778@nessus.org> References: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca> User-Agent: Mutt/1.4i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 06, 2003 at 10:41:43AM -0500, Mike Tancsa wrote: > > I want to go through my network to a) ensure all my machines are updated > and b)look for customer machines running vulnerable versions of > sendmail. I put together a quick perl script, but its sequential and does > not scan in parallel. (this is slow for 16,000 hosts). Can anyone recommend > a tool to do this ? Essentially all I want to do is connect to port 25, > grab the banner and record it next to the IP address. Nessus seems to be > way overkill and I dont see a way in nmap to record the banner > output. Why would Nessus be way overkill ? Disable every plugin except the plugin which checks for the flaw [sendmail_header.nasl] (and eventually ping_host), and here you go. -- Renaud (blatantly defending his product :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message