This is OT, but given recent threads, this may be of interest to some here. Baden > -----Original Message----- > From: Marc Maiffret [mailto:[EMAIL PROTECTED]] > Sent: Saturday, 21 July 2001 9:28 AM > To: BUGTRAQ > Subject: Tool released to scan for possible CodeRed infected servers > > > In an effort to help administrators find all systems within > their network > that are vulnerable to the .ida buffer overflow attack, which > the "Code Red" > worm is using to spread itself, we have decided to release a > free tool named > CodeRed Scanner. It can scan a range of IP addresses and > report back any IP > addresses which are vulnerable to the .ida attack, and > susceptible to the > "Code Red" worm. > > The program will allow you to either scan a single IP address > or a Class C > (254) set of IP addresses. It will output a list of IP > addresses which can > be double clicked on to get information on how to patch your > system from the > .ida vulnerability and to eradicate the "Code Red" worm from > your system. > Also this is a program you get to install on your own > computer so you do not > have to go to a website and register to scan 1 IP address at > a time etc... > like some of the other scanners we have seen that scan for > the CodeRed Worm. > > We are able to remotely scan IP addresses (web servers) for the .ida > vulnerability (CodeRed Worm) without having to test your > system via a buffer > overflow, which can bring your web server down. Instead we > use a technique > which we have taken from Retina that allows CodeRed Scanner > the ability to > test a web server remotely, without causing any harm to it. > This allows us > to see if the .ida patch is installed or not (if the server > is infected or > susceptible to infection). > > To download CodeRed Scanner go to: > http://www.eeye.com/html/Research/Tools/codered.html > > Signed, > Marc Maiffret > Chief Hacking Officer > eEye Digital Security > T.949.349.9062 > F.949.349.9538 > http://eEye.com/Retina - Network Security Scanner > http://eEye.com/Iris - Network Traffic Analyzer > http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities > Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
