Here is a quick little perl script, it only checks one host at a time. http://www.digitaloffense.net/ida_overflow.pl If you want to check a network range, try the following: # nmap -sS -p 80 -n -PS80 -oM - <ip range> | grep 80/open | awk '{print $2}' | xargs -i perl ida_overflow.pl -h {} If you want to check a range of SSL servers: # nmap -sS -p 443 -n -PS443 -oM - <ip range> | grep 443/open | awk '{print $2}' | xargs -i perl ida_overflow.pl -h {} -s -p 443 -HD P.S. This script uses libwhisker On Friday 20 July 2001 09:43 pm, tom ring wrote: > Thanks for your efforts. > > Will there be a unix source version available? I won't bother to explain > why I'd rather have that. >\ > tom > > On 20 Jul 2001, at 16:27, Marc Maiffret wrote: > > In an effort to help administrators find all systems within their network > > that are vulnerable to the .ida buffer overflow attack, which the "Code > > Red" worm is using to spread itself, we have decided to release a free > > tool named CodeRed Scanner. It can scan a range of IP addresses and > > report back any IP addresses which are vulnerable to the .ida attack, and > > susceptible to the "Code Red" worm. > > ------ > Tom Ring WA2PHW EN34 > tar@real-time.com > > "It is better to go into a turn slow, and come out fast, than to go into a > turn fast and come out dead."
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 21:45:56 PDT