What if CodeRed encoded its HTTP requests?

From: Nuno Mendes (nmendesat_private)
Date: Mon Aug 20 2001 - 05:27:17 PDT


    Hi all,
    
    I was just checking how many CodeRed I and II attempts I had on my
    Linux-based Apache server, and figuring out what if a new version of the worm
    encoded 'default.ida' in hexadecimal? Or even the data that causes the
    buffer overflow?
    
    It seems a lot of tools are based on the 'default.ida' string... aren't they?
    
    Cheers,
    
    
    Nuno Mendes
    Director
    
    Email: nmendesat_private
    GSM: +351 966026703
    
    GeP, Lda. - Consultoria em Sistemas de Informação
    Rua Marcos Portugal, 4 R/C Dto
    1495-091 Algés
    
    Tel.: +351 214139210/1
    Fax: +351 214139212
    Email: gepat_private
    Web: http://www.gep.pt
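
The concern raised in the message above, shown from the detection side as an added example (not part of the original post and not code from any tool discussed on the list): a literal 'default.ida' substring match is compared with a match on the canonicalised request path. The log lines are constructed, the function names are hypothetical, and the sketch assumes the target server percent-decodes the path before mapping the `.ida` extension.

```python
import re
from urllib.parse import unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)')
IDA_RE = re.compile(r"\.ida(?:$|[/?])")
MAX_DECODE_PASSES = 3  # assumption: bound on repeated decoding (double-encoding)

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2001:05:00:01 -0700] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205',
    '192.0.2.11 - - [20/Aug/2001:05:00:02 -0700] "GET /%64%65%66%61%75%6c%74%2e%69%64%61?XXXXXXXX HTTP/1.0" 404 205',
    '192.0.2.12 - - [20/Aug/2001:05:00:03 -0700] "GET /Other.IDA?NNNNNNNN HTTP/1.0" 404 205',
    '192.0.2.13 - - [20/Aug/2001:05:00:04 -0700] "GET /default%252eida?NNNNNNNN HTTP/1.0" 404 205',
    '192.0.2.14 - - [20/Aug/2001:05:00:05 -0700] "GET /index.html HTTP/1.0" 200 1043',
]

def naive_match(log_line):
    """Signature as a literal substring, the approach the post worries about."""
    return "default.ida" in log_line

def canonical_path(target):
    """Drop the query string, percent-decode until stable, then lower-case."""
    path = target.split("?", 1)[0]
    for _ in range(MAX_DECODE_PASSES):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path.lower()

def is_ida_probe(log_line):
    """Flag any request whose canonical path targets the .ida extension,
    whatever the file name or the bytes in the query string are."""
    m = REQUEST_RE.search(log_line)
    return bool(m and IDA_RE.search(canonical_path(m.group(1))))

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(naive_match(line), is_ida_probe(line), line.split('"')[1])
```

Matching on the decoded extension rather than the file name also means the rule does not depend on how the overflow data in the query string is encoded.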