I would only ask why would I want the additional traffic of everyone scanning everyone. would that not only compound the problem??? Ken Williams kenat_private ----- Original Message ----- From: "Marc Maiffret" <marcat_private> To: "Vuln-Dev" <vuln-devat_private> Sent: Friday, July 20, 2001 4:27 PM Subject: Tool released to scan for possible CodeRed infected servers > In an effort to help administrators find all systems within their network > that are vulnerable to the .ida buffer overflow attack, which the "Code Red" > worm is using to spread itself, we have decided to release a free tool named > CodeRed Scanner. It can scan a range of IP addresses and report back any IP > addresses which are vulnerable to the .ida attack, and susceptible to the > "Code Red" worm. > > The program will allow you to either scan a single IP address or a Class C > (254) set of IP addresses. It will output a list of IP addresses which can > be double clicked on to get information on how to patch your system from the > .ida vulnerability and to eradicate the "Code Red" worm from your system. > Also this is a program you get to install on your own computer so you do not > have to go to a website and register to scan 1 IP address at a time etc... > like some of the other scanners we have seen that scan for the CodeRed Worm. > > We are able to remotely scan IP addresses (web servers) for the .ida > vulnerability (CodeRed Worm) without having to test your system via a buffer > overflow, which can bring your web server down. Instead we use a technique > which we have taken from Retina that allows CodeRed Scanner the ability to > test a web server remotely, without causing any harm to it. This allows us > to see if the .ida patch is installed or not (if the server is infected or > susceptible to infection). > > To download CodeRed Scanner go to: > http://www.eeye.com/html/Research/Tools/codered.html > > Signed, > Marc Maiffret > Chief Hacking Officer > eEye Digital Security > T.949.349.9062 > F.949.349.9538 > http://eEye.com/Retina - Network Security Scanner > http://eEye.com/Iris - Network Traffic Analyzer > http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 08:43:33 PDT