Security Incidents mailing list archives

Re: slaper trafic

From: "Jeff" <spam-fighter () bigfoot com>
Date: Tue, 17 Sep 2002 02:30:12 -0400

"james" <jamesh () cybermesa com> wrote on Monday, September 16, 2002 at 5:49
PM:

... We do
block port 80, incoming, while allowing established connections since the
Code Red days. However, clients who run web servers were unprotected and
some got infected. Is there yet a scanner to ID infected/vulnerable hosts

?

According to http://www.eeye.com/html/Research/Tools/codered.html , the
"CodeRed Scanner from eEye Digital Security" (available free at
http://www.eeye.com/html/Research/Tools/RetinaCodeRed.exe) will do this job
for you.  A previous version of it (ostensibly with a higher version number)
worked for me.  It can scan a maximum of 254 IP Addresses at a time (typical
/24 Class C).  To scan more at a time, eEye's sales department wants to call
the potential customer.

Best Regards,  Jeff.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re: slaper trafic james (Sep 16)
- Re: slaper trafic Jose Nazario (Sep 17)
- Re: slaper trafic Denis Dimick (Sep 17)
- Re: slaper trafic Jeff (Sep 17)
- Re: slaper trafic Michael Katz (Sep 18)