Re: Tool released to scan for possible CodeRed infected servers

From: Kenneth Williams (kenat_private)
Date: Fri Jul 20 2001 - 18:44:27 PDT

Next message: perkere stinker: "true garbage"

Previous message: Marc Maiffret: "RE: Tool released to scan for possible CodeRed infected servers"
In reply to: Marc Maiffret: "Tool released to scan for possible CodeRed infected servers"
Next in thread: Marc Maiffret: "RE: Tool released to scan for possible CodeRed infected servers"
Reply: Marc Maiffret: "RE: Tool released to scan for possible CodeRed infected servers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I would only ask why would I want the additional traffic of everyone
scanning everyone.
would that not only compound the problem???
Ken Williams
kenat_private

----- Original Message -----
From: "Marc Maiffret" <marcat_private>
To: "Vuln-Dev" <vuln-devat_private>
Sent: Friday, July 20, 2001 4:27 PM
Subject: Tool released to scan for possible CodeRed infected servers


> In an effort to help administrators find all systems within their network
> that are vulnerable to the .ida buffer overflow attack, which the "Code
Red"
> worm is using to spread itself, we have decided to release a free tool
named
> CodeRed Scanner. It can scan a range of IP addresses and report back any
IP
> addresses which are vulnerable to the .ida attack, and susceptible to the
> "Code Red" worm.
>
> The program will allow you to either scan a single IP address or a Class C
> (254) set of IP addresses. It will output a list of IP addresses which can
> be double clicked on to get information on how to patch your system from
the
> .ida vulnerability and to eradicate the "Code Red" worm from your system.
> Also this is a program you get to install on your own computer so you do
not
> have to go to a website and register to scan 1 IP address at a time etc...
> like some of the other scanners we have seen that scan for the CodeRed
Worm.
>
> We are able to remotely scan IP addresses (web servers) for the .ida
> vulnerability (CodeRed Worm) without having to test your system via a
buffer
> overflow, which can bring your web server down. Instead we use a technique
> which we have taken from Retina that allows CodeRed Scanner the ability to
> test a web server remotely, without causing any harm to it. This allows us
> to see if the .ida patch is installed or not (if the server is infected or
> susceptible to infection).
>
> To download CodeRed Scanner go to:
> http://www.eeye.com/html/Research/Tools/codered.html
>
> Signed,
> Marc Maiffret
> Chief Hacking Officer
> eEye Digital Security
> T.949.349.9062
> F.949.349.9538
> http://eEye.com/Retina - Network Security Scanner
> http://eEye.com/Iris - Network Traffic Analyzer
> http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

Next message: perkere stinker: "true garbage"
Previous message: Marc Maiffret: "RE: Tool released to scan for possible CodeRed infected servers"
In reply to: Marc Maiffret: "Tool released to scan for possible CodeRed infected servers"
Next in thread: Marc Maiffret: "RE: Tool released to scan for possible CodeRed infected servers"
Reply: Marc Maiffret: "RE: Tool released to scan for possible CodeRed infected servers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 08:43:33 PDT