[21683] in bugtraq
Re: 'Code Red' does not seem to be scanning for IIS
daemon@ATHENA.MIT.EDU (Ryan Russell)
Thu Jul 19 21:09:31 2001
Date: Thu, 19 Jul 2001 17:14:43 -0600 (MDT)
From: Ryan Russell <ryan@securityfocus.com>
To: Mike Brockman <phubuh@home.se>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <Pine.LNX.4.33.0107192320500.6474-100000@igloo>
Message-ID: <Pine.GSO.4.30.0107191713120.679-100000@mail>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 19 Jul 2001, Mike Brockman wrote:
> >From what i read about the 'Code Red'-worm, it was supposed to be scanning
> for IIS-servers. It obviously is'nt, i believe it tries to infect
> everything they find on port 80, or something as simple as that.
>
Run nc -l -p 80 > worm, and you'll get a copy. It's not scanning
in any sense, it just tries a connect, and sends the string.
Ryan
