Vulnerability Development mailing list archives
Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)
From: Markus Kern <markus-kern () gmx net>
Date: Fri, 07 Sep 2001 12:39:13 +0200
S wrote:
To the author of CRclean. It is the tradition here to exploit vulnerabilities. What happens if I send the code red infect string to the broadcast address of the network segment of a machine running CRclean?
How do you want to accomplish this? CRclean is running inside IIS and doesn't monitor the wire like an IDS. The attacker must succesfully complete the TCP handshake to send a HTTP request.
I like the codegreen idea, but you have to be as careful as those guys in redmond have to be... did you remember to check the attacking address for this?
No, the attacking address is not checked at all. I believe it's not necessary. regards, Markus Kern
Current thread:
- AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.), (continued)
- AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Steinhart Alexander (Sep 05)
- Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 06)
- Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Patrick Patterson (Sep 07)
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) t. patrick o'hara (Sep 06)
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Ivan Dimitrov (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) abel (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) S (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) H D Moore (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 07)
- coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 06)
- Re: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) sa7ori (Sep 06)
- Re: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 07)
- RE: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) David Schwartz (Sep 07)
- Re: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Robert A. Seace (Sep 07)
- RE: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) David Schwartz (Sep 07)