From: Marc Maiffret (marcEEYE.COM)
Date: Sat Jul 21 2001 - 14:49:37 CDT

    Ya, we are cleaning up the output of the program and will have version 1.1 on
    our site Monday. The program will only list vulnerable servers to keep down
    on the confusion of patched servers and also whether things are IIS NT
    servers or not etc... Sorry for any confusion.

    Signed,
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Web Application Firewall

    | -----Original Message-----
    | From: Theresa Hadden [mailto:haddenEXPERTIVA.COM]
    | Sent: Saturday, July 21, 2001 10:38 AM
    | To: win2ksecadviceLISTSERV.NTSECURITY.NET
    | Subject: Re: Tool released to scan for possible CodeRed infected servers
    |
    |
    | I also had a problem with this. I even tried scanning known IIS boxes one at
    | a time by IP. For most of them I got a dialog box saying the scan was
    | successful but no servers listed. For a couple I got the 'Patched NT!4'
    | description.
    |
    | Theresa Hadden-Martinez
    | MCSE, MCT
    | haddenexpertiva.com
    |
    |
    | -----Original Message-----
    | From: Rajendra Prasad Raju.Bh [mailto:rajendraprasad_bhAPOLLOLIFE.COM]
    | Sent: Saturday, July 21, 2001 1:38 AM
    | To: win2ksecadviceLISTSERV.NTSECURITY.NET
    | Subject: Re: Tool released to scan for possible CodeRed infected servers
    |
    |
    | Hi,
    |
    | The scan tool behaves ambiguously.. I have 10 IIS Servers but the scan shows
    | more than 30 in the first scan and if I run it second time it does not show
    | the machines which have already displayed and for the machines it scans it
    | shows Patched NT!4 system. What does it actually mean?
    |
    | Rajendra
    |
    |
    | -----Original Message-----
    | From: Marc Maiffret [mailto:marcEEYE.COM]
    | Sent: Saturday, July 21, 2001 4:58 AM
    | To: win2ksecadviceLISTSERV.NTSECURITY.NET
    | Subject: Tool released to scan for possible CodeRed infected servers
    |
    |
    | In an effort to help administrators find all systems within their network
    | that are vulnerable to the .ida buffer overflow attack, which the "Code Red"
    | worm is using to spread itself, we have decided to release a free tool named
    | CodeRed Scanner. It can scan a range of IP addresses and report back any IP
    | addresses which are vulnerable to the .ida attack, and susceptible to the
    | "Code Red" worm.
    |
    | The program will allow you to either scan a single IP address or a Class C
    | (254) set of IP addresses. It will output a list of IP addresses which can
    | be double clicked on to get information on how to patch your system from the
    | .ida vulnerability and to eradicate the "Code Red" worm from your system.
    | Also this is a program you get to install on your own computer so you do not
    | have to go to a website and register to scan 1 IP address at a time etc...
    | like some of the other scanners we have seen that scan for the CodeRed Worm.
    |
    | We are able to remotely scan IP addresses (web servers) for the .ida
    | vulnerability (CodeRed Worm) without having to test your system via a buffer
    | overflow, which can bring your web server down. Instead we use a technique
    | which we have taken from Retina that allows CodeRed Scanner the ability to
    | test a web server remotely, without causing any harm to it. This allows us
    | to see if the .ida patch is installed or not (if the server is infected or
    | susceptible to infection).
    |
    | To download CodeRed Scanner go to:
    | http://www.eeye.com/html/Research/Tools/codered.html
    |
    | Signed,
    | Marc Maiffret
    | Chief Hacking Officer
    | eEye Digital Security
    | T.949.349.9062
    | F.949.349.9538
    | http://eEye.com/Retina - Network Security Scanner
    | http://eEye.com/Iris - Network Traffic Analyzer
    | http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
    |
    | _____________________________________________________________________
    | ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    | ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    | SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
    |