Security Incidents mailing list archives
What if CodeRed encoded it's HTTP requests?
From: "Nuno Mendes" <nmendes () gep pt>
Date: Mon, 20 Aug 2001 13:27:17 +0100
Hi all, I was just checking how many CodeRed I and II attempts I had on my Linux based Apache server, and figuring out what if a new version of the worm encoded 'degault.ida' in hexadecimal? Or even the data that causes the buffer overflow? It seems a lot of tools are based on 'default.ida' string.... aren't they? Cheers, Nuno Mendes Director Email: nmendes () gep pt GSM: +351 966026703 GeP, Lda. - Consultoria em Sistemas de Informação Rua Marcos Portugal, 4 R/C Dto 1495-091 Algés Tel.: +351 214139210/1 Fax: +351 214139212 Email: gep () gep pt Web: http://www.gep.pt ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- What if CodeRed encoded it's HTTP requests? Nuno Mendes (Aug 20)
- Re: What if CodeRed encoded it's HTTP requests? Ryan Russell (Aug 20)
- Re: What if CodeRed encoded it's HTTP requests? Jose Nazario (Aug 20)