Security Incidents mailing list archives

Re: Code Red and ISS Internet Scanner

From: Aj Effin Reznor <aj () reznor com>
Date: Tue, 31 Jul 2001 09:34:26 -0700 (PDT)

"Mike Peterson was known to say....."


I don't want to start any discussions about ISS
Internet Scanner but, with the prospect of renewed
activity by the Code Red worm it needs to be pointed
out that Internet Scanner may not pick up the
vulnerability.

After using Internet Scanner 6.1 xpu 10 we did not
find the vulnerability, until we got hit by the Code
Red worm.  According to ISS, Internet Scanner will
only find the vulnerability if you operate with a
username and password with administrative rights on
the target.


While not detecting the *activity* of the worm, eEye has a simple no-charge tool to let you know if your 
machines are at least likely to fall prey to it:

http://www.eeye.com/html/Research/Tools/codered.html

~middle of the page, CodeRedScanner


-aj.



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Code Red and ISS Internet Scanner Mike Peterson (Jul 30)
- Re: Code Red and ISS Internet Scanner Aj Effin Reznor (Jul 31)
- <Possible follow-ups>
- RE: Code Red and ISS Internet Scanner Johnston, Jack (Jul 31)