Security Incidents mailing list archives

Looking for a better scanner for CodeRed

From: "Reeves, Michael (GEAE, Compaq)" <michael.reeves () ae ge com>
Date: Fri, 10 Aug 2001 11:24:55 -0400

I do the .ida check and it does not think it is vulnerable. I use the eEye
scanner and it comes up vulnerable. Does anyone know of a nessus plugin that
detects it? I am currently using the IIS IDA/IDQ Path Disclosure under CGI
abuses and getting nill.


Mike

-----Original Message-----
From: Aviram Jenik [mailto:aviram () beyondsecurity com]
Sent: Friday, August 10, 2001 9:28 AM
To: 'Reeves, Michael (GEAE, Compaq)'; incidents () securityfocus com
Subject: RE: Looking for a better scanner for CodeRed


Hi,

Try nessus (www.nessus.org). It has a special code-red vulnerability
check, and an .IDA mapping check (which is the main problem in the first
place).

Nessus comes with 700+ security tests, but you can configure it to run
only certain tests, and to skip the port scan (if all your servers
listen on port 80) in order to make a quick scan for code red
vulnerabilities (don't know why you would want to do that, though. If
you're taking the time to scan the machines, why not scan for other
security holes as well?)

--
Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com

Know that you're safe:
http://www.AutomatedScanning.com

-----Original Message-----
From: Reeves, Michael (GEAE, Compaq) 
[mailto:michael.reeves () ae ge com] 
Sent: Thursday, August 09, 2001 8:11 PM
To: 'incidents () securityfocus com'
Subject: Looking for a better scanner for CodeRed

I am currently using the scanning tool from eEye to find 
CodeRed vulnerable
machines. I have several class B networks I have to scan on a 
regular basis.
eEye's scanner only allows range scans for class C networks. 
I have the ISS
scanner but it is too slow for a quick scan. Any info would be greatly
appreciated. I am currently scanning with other software then manually
entering in all of the IIS servers intot he eEye scanner.

Mike Reeves
Security Administrator

--------------------------------------------------------------
--------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Looking for a better scanner for CodeRed Reeves, Michael (GEAE, Compaq) (Aug 09)
- Re: Looking for a better scanner for CodeRed Security (Aug 10)
- RE: Looking for a better scanner for CodeRed Aviram Jenik (Aug 10)
- <Possible follow-ups>
- Looking for a better scanner for CodeRed Reeves, Michael (GEAE, Compaq) (Aug 10)