A Marathon, Not A Sprint
Our scanners improve! A new nmap Beta 7 is out (Windows, OSX, Source), with slightly more accurate scan logic research by Renaud Deraison of Nessus. This tends to find a few extra boxes per network, so it’s definitely worth grabbing. It doesn’t take too much work to spin up another scan, and heh, it’s an opportunity to play with ndiff, the nmap diffing engine.
McAfee also has a really nice Windows based scanner out the door — check it out.
Of course, you may be thinking: The world didn’t come to an end. Clearly, this whole thing was just a Y2K hypefest. I’m sorry the bad guys aren’t quite the eschatologists some people would like them to be, but somebody’s been investing extraordinary amounts of resources making a worm very difficult to kill. It’s not like there was a contingent of rogue coders, sitting around figuring out where they could put two-character date fields after January 1st, 2001. There’s a bad guy out there, and while we shouldn’t panic, we shouldn’t quite ignore the situation either. Botnets — even much smaller botnets than would have otherwise have been created, thanks to rapid patching and automatic updates by Microsoft — are big business. As my friend Jason Larsen says, it’s not about ownage, it’s about continued ownage.
What to do? That’s what makes these scanners nice. They represent clean, actionable, operationally viable guidance for IT staff that aren’t exactly bursting at the seams with free time. I continue to be appreciative of all the developers who worked this last weekend to push Tillmann and Felix’s code into their products. It goes a long way towards moving us closer to less fear, more certainly, and no doubt.