Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: Markus Kern (markus-kernat_private)
Date: Fri Sep 07 2001 - 03:39:13 PDT

Next message: Everhart, Glenn (FUSA): "RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"

Previous message: Steinhart Alexander: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
In reply to: S: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Next in thread: H D Moore: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Next in thread: Markus Kern: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

S wrote:
> 
> To the author of CRclean.
> 
> It is the tradition here to exploit vulnerabilities. What happens if I send
> the code red infect string to the broadcast address of the network segment
> of a machine running CRclean?

How do you want to accomplish this? CRclean is running inside IIS and doesn't
monitor the wire like an IDS. The attacker must succesfully complete the TCP
handshake to send a HTTP request.

> I like the codegreen idea, but you have to be as careful as those guys in
> redmond have to be... did you remember to check the attacking address for
> this?

No, the attacking address is not checked at all.
I believe it's not necessary.

regards,
Markus Kern

Next message: Everhart, Glenn (FUSA): "RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Previous message: Steinhart Alexander: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
In reply to: S: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Next in thread: H D Moore: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Next in thread: Markus Kern: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 10:49:11 PDT