[39709] in North American Network Operators' Group

Free Code Red checker

daemon@ATHENA.MIT.EDU (Seth M. Kusiak)
Fri Jul 20 21:32:37 2001

Message-ID: <20010721013210.32872.qmail@hex.databits.net>
In-Reply-To: <Pine.LNX.4.21_heb2.09.0107210418060.6326-100000@fireball.tau.ac.il> 
From: "Seth M. Kusiak" <seth.kusiak@yours4less.com>
To: nanog@merit.edu
Date: Sat, 21 Jul 2001 01:32:10 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu


Thought this may interest some on this list...

> -----Original Message-----
> From: Marc Maiffret [mailto:marc@eeye.com]
> Sent: Friday, July 20, 2001 7:28 PM
> To: NT System Admin Issues
> Subject: Tool released to scan for possible CodeRed infected servers 
> 
> 
> In an effort to help administrators find all systems within their network
> that are vulnerable to the .ida buffer overflow attack, which the "Code Red"
> worm is using to spread itself, we have decided to release a free tool named
> CodeRed Scanner. It can scan a range of IP addresses and report back any IP
> addresses which are vulnerable to the .ida attack, and susceptible to the
> "Code Red" worm. 
> 
> The program will allow you to either scan a single IP address or a Class C
> (254) set of IP addresses. It will output a list of IP addresses which can
> be double clicked on to get information on how to patch your system from the
> .ida vulnerability and to eradicate the "Code Red" worm from your system.
> Also this is a program you get to install on your own computer so you do not
> have to go to a website and register to scan 1 IP address at a time etc...
> like some of the other scanners we have seen that scan for the CodeRed Worm. 
> 
> We are able to remotely scan IP addresses (web servers) for the .ida
> vulnerability (CodeRed Worm) without having to test your system via a buffer
> overflow, which can bring your web server down. Instead we use a technique
> which we have taken from Retina that allows CodeRed Scanner the ability to
> test a web server remotely, without causing any harm to it. This allows us
> to see if the .ida patch is installed or not (if the server is infected or
> susceptible to infection). 
> 
> To download CodeRed Scanner go to:
> http://www.eeye.com/html/Research/Tools/codered.html 
> 
> Signed,
> Marc Maiffret
> Chief Hacking Officer
> eEye Digital Security
> T.949.349.9062
> F.949.349.9538
> http://eEye.com/Retina - Network Security Scanner
> http://eEye.com/Iris - Network Traffic Analyzer
> http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities 
> 
 
