Hi all, I was just checking how many CodeRed I and II attempts I had on my Linux based Apache server, and figuring out what if a new version of the worm encoded 'degault.ida' in hexadecimal? Or even the data that causes the buffer overflow? It seems a lot of tools are based on 'default.ida' string.... aren't they? Cheers, Nuno Mendes Director Email: nmendesat_private GSM: +351 966026703 GeP, Lda. - Consultoria em Sistemas de Informação Rua Marcos Portugal, 4 R/C Dto 1495-091 Algés Tel.: +351 214139210/1 Fax: +351 214139212 Email: gepat_private Web: http://www.gep.pt ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 08:34:10 PDT