RPC Scan: CLI and NetReg
Current Version: v0.3 Sep 15, 2003

These files let you scan for hosts vulnerable to MS03-026/039 (KB 823980/824146) from the CLI in Linux, and use the same scanner in NetReg to redirect vulnerable hosts to a patch before they register on your network.

New Features in v0.3:

  • Class B scanning (Jordan Wiens at ufl.edu)
  • Timeout option (-t) now takes milliseconds instead of seconds
  • Default timeout increased from 0.5ms to 300ms
  • Receive timeout increased from 300ms to 3 seconds
  • Usage docs improved
  • Results output improved
  • Error reporting improved
  • Code can be switched between CLI and NetReg modes by setting #define CLIMODE

Bug Fixes in v0.3:

  • Fixed some socket leaks, compiler warnings, and code cleanup (Jordan Wiens at ufl.edu)
  • Added receive socket timeout
  • Fixed more memory leaks
  • Fixed conditions where repeatedly querying the same hosts quickly returned different results

Known Issues in v0.3: (if you want to fix these, email us)

  • The CLI version hangs occasionally when trying to scan an entire Class B.
  • The current version is not ported to Solaris (yet - this is coming).

Download:

rpcscan for linux cli v0.3, Sep 15, 2003 - Source code for a command-line Linux scanner that accepts address ranges and returns explicit results. It is the fastest way we have found to scan Class B-size networks. It returns human-readable results by default, and NetReg-readable results with a minor change. It should compile on most Linux distros with the following command: gcc -o rpcscan-cli-03 rpcscan-cli-03.c

netreg bundle v0.3, Sep 15, 2003 - This includes rpcscan for NetReg (with NetReg output enabled by default) and the jumppage.cgi page that starts the scan in NetReg. You need to update both of these files to get the latest fixes and features. It returns results that only make sense to NetReg Scan (error codes 0 to 7). The scanner should compile on most Linux distros with the following command: gcc -o rpcscan-netreg-03 rpcscan-netreg-03.c

Many thanks to everyone who has contributed to this project. If you think your change was included in this but we forgot to give you credit, shoot us an email. For all questions, comments, and changes, send email to Mike Lang: mike.lang<at>uconn.edu.

Never heard of NetReg? Check out http://www.netreg.org