Friday, April 3, 2009

Dude, Where's my Conficker?

With all the hoopla about Conficker, many of our customers are blowing up our inboxes wondering why they are not seeing Conficker-related alerts on their Sentinel IPS.

Well, congratulations to those customers: you have proper firewall rules in place, so Conficker cannot launch attacks against the MS08-067 vulnerability in Windows file sharing.

For those of you who are unsure, you have two easy solutions to barricade your front door against the thousands of daily Conficker attempts.

Firewall TCP port 445 inbound, or simply turn off Network Print/Filesharing on your Windows servers.

Also, if you want to quickly sweep your internal network or DMZ for Conficker infections, the latest version of Nmap can do the job in a snap! Just download the latest version and give this command a whirl:

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [mylanaddress]

That's it!
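On a large subnet the verbose report from that sweep gets long, so here is an added example (not part of the original post) that boils a saved report down to one line per host and lists the hosts flagged as infected. It assumes "Nmap scan report for" host headers and "Conficker:" / "MS08-067:" result lines; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage smb-check-vulns results from an Nmap normal-output report.
# Assumed formats: "Nmap scan report for <ip>" host headers and
# "Conficker: <verdict>" / "MS08-067: <verdict>" script result lines.

conficker_triage() {
    # Reads the report on stdin; prints "ip<TAB>conficker<TAB>ms08-067"
    # for every host that returned script results (filtered hosts are skipped).
    awk '
    function emit() {
        if (host != "" && (conf != "" || ms != ""))
            printf "%s\t%s\t%s\n", host, (conf == "" ? "no-result" : conf), (ms == "" ? "no-result" : ms)
        conf = ""; ms = ""
    }
    /^Nmap scan report for / {
        emit()
        host = $NF
        gsub(/[()]/, "", host)   # handles the "name (ip)" form when -n is not used
        next
    }
    /Conficker:/ { v = $0; sub(/^.*Conficker:[ \t]*/, "", v); conf = v }
    /MS08-067:/  { v = $0; sub(/^.*MS08-067:[ \t]*/, "", v); ms = v }
    END { emit() }
    '
}

conficker_infected() {
    # Only the addresses whose Conficker verdict contains INFECTED.
    conficker_triage | awk -F '\t' '$2 ~ /INFECTED/ { print $1 }'
}

sample_report() {
    # Constructed sample, not captured scan output (RFC 5737 test addresses).
    cat <<'EOF'
Nmap scan report for 192.0.2.10
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|_ Conficker: Likely INFECTED
Nmap scan report for 192.0.2.11
445/tcp filtered microsoft-ds
Nmap scan report for 192.0.2.12
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|  MS08-067: NOT VULNERABLE
|_ Conficker: Likely CLEAN
EOF
}

sample_report | conficker_triage
```

Save the sweep to a file with Nmap's -oN option and feed that file to conficker_infected on stdin to get the list of machines to pull off the network first.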
