Re: Code Red and ISS Internet Scanner

From: Aj Effin Reznor (ajat_private)
Date: Tue Jul 31 2001 - 09:34:26 PDT

  • Next message: Valdis.Kletnieksat_private: "Re: Large ISP response to Code Red?"

    "Mike Peterson was known to say....."
    > 
    > I don't want to start any discussions about ISS
    > Internet Scanner but, with the prospect of renewed
    > activity by the Code Red worm it needs to be pointed
    > out that Internet Scanner may not pick up the
    > vulnerability.
    > 
    > After using Internet Scanner 6.1 xpu 10 we did not
    > find the vulnerability, until we got hit by the Code
    > Red worm.  According to ISS, Internet Scanner will
    > only find the vulnerability if you operate with a
    > username and password with administrative rights on
    > the target.
    > 
    
    While not detecting the *activity* of the worm, eEye has a simple no-charge tool to let you know if your 
    machines are at least likely to fall prey to it:
    
    http://www.eeye.com/html/Research/Tools/codered.html
    
    ~middle of the page, CodeRedScanner
    
    
    -aj.
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 10:48:01 PDT