Vulnerability Development mailing list archives

RE: Tool released to scan for possible CodeRed infected servers


From: "Marc Maiffret" <marc () eeye com>
Date: Fri, 20 Jul 2001 19:44:28 -0700

Huh? As an administrator you will want the "extra traffic" to find
vulnerable servers on your network so you can patch them so your web servers
do not create "extra traffic".

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

|-----Original Message-----
|From: Kenneth Williams [mailto:ken () kwilliams org]
|Sent: Friday, July 20, 2001 6:44 PM
|To: Marc Maiffret; Vuln-Dev
|Subject: Re: Tool released to scan for possible CodeRed infected servers
|
|
|I would only ask why would I want the additional traffic of everyone
|scanning everyone.
|Would that not only compound the problem???
|Ken Williams
|ken () kwilliams org
|
|----- Original Message -----
|From: "Marc Maiffret" <marc () eeye com>
|To: "Vuln-Dev" <vuln-dev () securityfocus com>
|Sent: Friday, July 20, 2001 4:27 PM
|Subject: Tool released to scan for possible CodeRed infected servers
|
|
|> In an effort to help administrators find all systems within their network
|> that are vulnerable to the .ida buffer overflow attack, which the "Code Red"
|> worm is using to spread itself, we have decided to release a free tool named
|> CodeRed Scanner. It can scan a range of IP addresses and report back any IP
|> addresses which are vulnerable to the .ida attack, and susceptible to the
|> "Code Red" worm.
|>
|> The program will allow you to either scan a single IP address or a Class C
|> (254) set of IP addresses. It will output a list of IP addresses which can
|> be double clicked on to get information on how to patch your system from the
|> .ida vulnerability and to eradicate the "Code Red" worm from your system.
|> Also this is a program you get to install on your own computer so you do not
|> have to go to a website and register to scan 1 IP address at a time etc...
|> like some of the other scanners we have seen that scan for the CodeRed Worm.
|>
|> We are able to remotely scan IP addresses (web servers) for the .ida
|> vulnerability (CodeRed Worm) without having to test your system via a buffer
|> overflow, which can bring your web server down. Instead we use a technique
|> which we have taken from Retina that allows CodeRed Scanner the ability to
|> test a web server remotely, without causing any harm to it. This allows us
|> to see if the .ida patch is installed or not (if the server is infected or
|> susceptible to infection).
|>
|> To download CodeRed Scanner go to:
|> http://www.eeye.com/html/Research/Tools/codered.html
|>
|> Signed,
|> Marc Maiffret
|> Chief Hacking Officer
|> eEye Digital Security
|> T.949.349.9062
|> F.949.349.9538
|> http://eEye.com/Retina - Network Security Scanner
|> http://eEye.com/Iris - Network Traffic Analyzer
|> http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities