
Network Scans Details

Details

To find vulnerable machines in the campus network we use a number of security scanners. Nessus is our primary tool.

The scans are conducted twice a month, and we also run incremental scans when a new vulnerability is discovered. The results are available to UofT network administrators from a password-protected, SSL-enabled web site in two formats: NBE and custom HTML. If you are a network administrator responsible for a group of machines, you can request access to scan results by sending an email to security.admin@utoronto.ca.


Various operating systems and applications behave differently when scanned. The Spurious Scan Results page lists some of them.

Links:

Worms and Rootkits:
RootKit F.A.Q.
chkrootkit locally checks for signs of a rootkit (Linux 2.0.x, 2.2.x, FreeBSD 2.2.x, 3.x, 4.0, OpenBSD 2.6, 2.7, 2.8, Solaris 2.5.1, 2.6, 8.0)
Online Solaris Fingerprint Database  manual 
Solaris Fingerprint Database Companion and SideKick  can be used to collect signatures for files known to be replaced by "rootkits" (perl, shell)
Lion Worm   Linux
t0rn rootkit
Exploitation of snmpXdmid   Solaris
sadmin/IIS worm   Solaris, Windows
exploit tool  Linux services: BIND, wu-ftpd, statd
.ida "Code Red" worm  Microsoft IIS
Update.ida "Code Red" worm (date bomb)  Microsoft IIS
NIMDA worm  Microsoft

DDoS info:
ddos_find   can be used to detect the presence of DDoS tools (Solaris 2.x)
A Breakdown of SANS Top Ten Threats
Last updated: Feb 7, 2005