Free tool to capture Conficker scans and probes
Is everyone ready for Conficker's April 1 surprise? Brent Huston, CEO of security firm MicroSolved, Inc. twittered that his infosec team is still seeing "a lot of scans on the HITME and from HoneyPoint clients".
To help companies detect Conficker scans and probes on their networks, MicroSolved is offering a free tool - a Linux-only HoneyPoint GUI. You can download the zip file from here.
[ See also: Researchers find ways to sniff keystrokes from thin air; Power grid is found susceptible to cyberattack]
According to the MicroSolved's State of Security site: "The HoneyPoint Special Edition: Conficker runs in Linux and is easy to use with just about any LiveCD distro (including Puppy/DSL/gOS, etc.) and should make it easy for organizations to monitor their network spaces with a scattersensing approach. We chose not to release an OS X version to avoid issues with root authentication and Windows was not possible, since the detection requires binding to port 445/TCP which Windows uses for CIFS." Read the full post here.
The tool will expire on April 30th, 2009, after which time it will cease to function.
Related reading:
Conficker is a significant threat and is expected to wreak havok on April 1, 2009 (See Conficker.C variant set for April 1st surprise, CA says) and the Internet Storm Center for the latest update.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
conficker
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
free tool
The "tool" crashes on my Debian with a SIGSEGV! Congratulations!OTOH for a "security" tool, the least we can demand is its sources, isn't it?
@john75 - Re: Free Tool
Bummer. Ran OK on our Ubuntu Testbed box. Not sure we can get the source, as this tool disables itself on the 30th, so it doesn't look like this thing is in any way 'open' more or less free. Doesn't invoke too much confidence, does it?