"james" <jameshat_private> wrote on Monday, September 16, 2002 at 5:49 PM: > ... We do > block port 80, incoming, while allowing established connections since the > Code Red days. However, clients who run web servers were unprotected and > some got infected. Is there yet a scanner to ID infected/vulnerable hosts ? According to http://www.eeye.com/html/Research/Tools/codered.html , the "CodeRed Scanner from eEye Digital Security" (available free at http://www.eeye.com/html/Research/Tools/RetinaCodeRed.exe) will do this job for you. A previous version of it (ostensibly with a higher version number) worked for me. It can scan a maximum of 254 IP Addresses at a time (typical /24 Class C). To scan more at a time, eEye's sales department wants to call the potential customer. Best Regards, Jeff. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 17 2002 - 19:54:13 PDT