Vulnerability Development mailing list archives

Re: Tool released to scan for possible CodeRed infected servers

From: H C <keydet89 () yahoo com>
Date: Mon, 23 Jul 2001 07:15:30 -0700 (PDT)

If you do a packet capture via snort or tcpdump while
running the tool, you'll see that it's pretty
straigthforward porting the tool to Perl.  Using
LWP::UserAgent, the resulting script will run on
Linux, Unix, NT/2K, even Win95 with no trouble.

Carv

--- tom ring <tar () real-time com> wrote:

Thanks for your efforts.

Will there be a unix source version available?  I
won't bother to explain why I'd rather 
have that.

tom

On 20 Jul 2001, at 16:27, Marc Maiffret wrote:

In an effort to help administrators find all

systems within their network

that are vulnerable to the .ida buffer overflow

attack, which the "Code Red"

worm is using to spread itself, we have decided to

release a free tool named

CodeRed Scanner. It can scan a range of IP

addresses and report back any IP

addresses which are vulnerable to the .ida attack,

and susceptible to the

"Code Red" worm.



------
Tom Ring WA2PHW  EN34
tar () real-time com

"It is better to go into a turn slow, and come out
fast, than to go into a turn fast and come out

dead."


__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

Current thread:

Tool released to scan for possible CodeRed infected servers Marc Maiffret (Jul 20)
- Re: Tool released to scan for possible CodeRed infected servers Kenneth Williams (Jul 22)
  - RE: Tool released to scan for possible CodeRed infected servers Marc Maiffret (Jul 22)
    - Re: Tool released to scan for possible CodeRed infected servers Mike Fedyk (Jul 22)
- Re: Tool released to scan for possible CodeRed infected servers tom ring (Jul 23)
  - Re: Tool released to scan for possible CodeRed infected servers H C (Jul 23)
  - Re: Tool released to scan for possible CodeRed infected servers H D Moore (Jul 23)