Ok, not to beat a dead horse, but if anyone's interested, and/or unsure if all the systems in their server farms are patched for the .ida vulnerability... eEye Digital Security has released a network scanner that you can use to test a large number of machines for it. Details are included below... -Cameron -------------------- Cameron Childress elliptIQ Inc. p.770.460.1035.232 f.770.460.0963 -- http://www.neighborware.com America's Leading Community Network Software > -----Original Message----- > From: Windows NTBugtraq Mailing List > [mailto:[EMAIL PROTECTED]]On Behalf Of Marc Maiffret > Sent: Friday, July 20, 2001 7:28 PM > To: [EMAIL PROTECTED] > Subject: Tool released to scan for possible CodeRed infected servers > > > In an effort to help administrators find all systems within their network > that are vulnerable to the .ida buffer overflow attack, which the > "Code Red" > worm is using to spread itself, we have decided to release a free > tool named > CodeRed Scanner. It can scan a range of IP addresses and report > back any IP > addresses which are vulnerable to the .ida attack, and susceptible to the > "Code Red" worm. > > The program will allow you to either scan a single IP address or a Class C > (254) set of IP addresses. It will output a list of IP addresses which can > be double clicked on to get information on how to patch your > system from the > .ida vulnerability and to eradicate the "Code Red" worm from your system. > Also this is a program you get to install on your own computer so > you do not > have to go to a website and register to scan 1 IP address at a time etc... > like some of the other scanners we have seen that scan for the > CodeRed Worm. > > We are able to remotely scan IP addresses (web servers) for the .ida > vulnerability (CodeRed Worm) without having to test your system > via a buffer > overflow, which can bring your web server down. Instead we use a technique > which we have taken from Retina that allows CodeRed Scanner the ability to > test a web server remotely, without causing any harm to it. This allows us > to see if the .ida patch is installed or not (if the server is infected or > susceptible to infection). > > To download CodeRed Scanner go to: > http://www.eeye.com/html/Research/Tools/codered.html > > Signed, > Marc Maiffret > Chief Hacking Officer > eEye Digital Security > T.949.349.9062 > F.949.349.9538 > http://eEye.com/Retina - Network Security Scanner > http://eEye.com/Iris - Network Traffic Analyzer > http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
