Free Code Red checker

Seth M. Kusiak seth.kusiak at yours4less.com
Sat Jul 21 01:32:10 UTC 2001


Thought this may interest some on this list...

> -----Original Message-----
> From: Marc Maiffret [mailto:marc at eeye.com]
> Sent: Friday, July 20, 2001 7:28 PM
> To: NT System Admin Issues
> Subject: Tool released to scan for possible CodeRed infected servers 
> 
> 
> In an effort to help administrators find all systems within their network
> that are vulnerable to the .ida buffer overflow attack, which the "Code Red"
> worm is using to spread itself, we have decided to release a free tool named
> CodeRed Scanner. It can scan a range of IP addresses and report back any IP
> addresses which are vulnerable to the .ida attack, and susceptible to the
> "Code Red" worm. 
> 
> The program will allow you to either scan a single IP address or a Class C
> (254) set of IP addresses. It will output a list of IP addresses which can
> be double clicked on to get information on how to patch your system from the
> .ida vulnerability and to eradicate the "Code Red" worm from your system.
> Also this is a program you get to install on your own computer so you do not
> have to go to a website and register to scan 1 IP address at a time etc...
> like some of the other scanners we have seen that scan for the CodeRed Worm. 
> 
> We are able to remotely scan IP addresses (web servers) for the .ida
> vulnerability (CodeRed Worm) without having to test your system via a buffer
> overflow, which can bring your web server down. Instead we use a technique
> which we have taken from Retina that allows CodeRed Scanner the ability to
> test a web server remotely, without causing any harm to it. This allows us
> to see if the .ida patch is installed or not (if the server is infected or
> susceptible to infection). 
> 
> To download CodeRed Scanner go to:
> http://www.eeye.com/html/Research/Tools/codered.html 
> 
> Signed,
> Marc Maiffret
> Chief Hacking Officer
> eEye Digital Security
> T.949.349.9062
> F.949.349.9538
> http://eEye.com/Retina - Network Security Scanner
> http://eEye.com/Iris - Network Traffic Analyzer
> http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities 
> 
 


