RE: Code Red and ISS Internet Scanner

From: Johnston, Jack (JohnstonJat_private)
Date: Tue Jul 31 2001 - 11:49:32 PDT

  • Next message: Jonathan A. Zdziarski: "RE: Large ISP response to Code Red?"

    We've been using the eEye Code Red Scanner since yesterday afternoon, at my
    hQ and 
    at our subordinate commands, and all are in agreement that it's working
    rather well.
    
    Jack Johnston
    Information Assurance Manager
    Information Warfare Officer
    MTDC-IMI
    DSN-927-7497/cml 757-878-7497
    <johnstonjat_private>
    
    
    -----Original Message-----
    From: Aj Effin Reznor [mailto:ajat_private]
    Sent: Tuesday, July 31, 2001 12:34 PM
    To: incidentsat_private
    Subject: Re: Code Red and ISS Internet Scanner
    
    
    "Mike Peterson was known to say....."
    > 
    > I don't want to start any discussions about ISS
    > Internet Scanner but, with the prospect of renewed
    > activity by the Code Red worm it needs to be pointed
    > out that Internet Scanner may not pick up the
    > vulnerability.
    > 
    > After using Internet Scanner 6.1 xpu 10 we did not
    > find the vulnerability, until we got hit by the Code
    > Red worm.  According to ISS, Internet Scanner will
    > only find the vulnerability if you operate with a
    > username and password with administrative rights on
    > the target.
    > 
    
    While not detecting the *activity* of the worm, eEye has a simple no-charge
    tool to let you know if your 
    machines are at least likely to fall prey to it:
    
    http://www.eeye.com/html/Research/Tools/codered.html
    
    ~middle of the page, CodeRedScanner
    
    
    -aj.
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 15:17:10 PDT