Security Incidents mailing list archives

What if CodeRed encoded it's HTTP requests?

From: "Nuno Mendes" <nmendes () gep pt>
Date: Mon, 20 Aug 2001 13:27:17 +0100

Hi all,

I was just checking how many CodeRed I and II attempts I had on my Linux
based Apache server, and figuring out what if a new version of the worm
encoded 'degault.ida' in hexadecimal? Or even the data that causes the
buffer overflow?

It seems a lot of tools are based on 'default.ida' string.... aren't they?

Cheers,


Nuno Mendes
Director

Email: nmendes () gep pt
GSM: +351 966026703

GeP, Lda. - Consultoria em Sistemas de Informação
Rua Marcos Portugal, 4 R/C Dto
1495-091 Algés

Tel.: +351 214139210/1
Fax: +351 214139212
Email: gep () gep pt
Web: http://www.gep.pt




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

What if CodeRed encoded it's HTTP requests? Nuno Mendes (Aug 20)
- Re: What if CodeRed encoded it's HTTP requests? Ryan Russell (Aug 20)
- Re: What if CodeRed encoded it's HTTP requests? Jose Nazario (Aug 20)