Free Code Red checker

North American Network Operators Group

Free Code Red checker

From: Seth M. Kusiak
Date: Fri Jul 20 21:35:51 2001

Thought this may interest some on this list...

-----Original Message-----
From: Marc Maiffret [mailto:[email protected]]
Sent: Friday, July 20, 2001 7:28 PM
To: NT System Admin Issues
Subject: Tool released to scan for possible CodeRed infected servers

In an effort to help administrators find all systems within their network
that are vulnerable to the .ida buffer overflow attack, which the "Code Red"
worm is using to spread itself, we have decided to release a free tool named
CodeRed Scanner. It can scan a range of IP addresses and report back any IP
addresses which are vulnerable to the .ida attack, and susceptible to the
"Code Red" worm.
The program will allow you to either scan a single IP address or a Class C
(254) set of IP addresses. It will output a list of IP addresses which can
be double clicked on to get information on how to patch your system from the
.ida vulnerability and to eradicate the "Code Red" worm from your system.
Also this is a program you get to install on your own computer so you do not
have to go to a website and register to scan 1 IP address at a time etc...
like some of the other scanners we have seen that scan for the CodeRed Worm.
We are able to remotely scan IP addresses (web servers) for the .ida
vulnerability (CodeRed Worm) without having to test your system via a buffer
overflow, which can bring your web server down. Instead we use a technique
which we have taken from Retina that allows CodeRed Scanner the ability to
test a web server remotely, without causing any harm to it. This allows us
to see if the .ida patch is installed or not (if the server is infected or
susceptible to infection).
To download CodeRed Scanner go to:
http://www.eeye.com/html/Research/Tools/codered.html
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

Follow-Ups:
- Re: Free Code Red checker Gary E. Miller

References:
- RE: Code Red : Any whitehouse.gov people around? Ariel Biener

Prev by Date: RE: Code Red : Any whitehouse.gov people around?
Next by Date: Re: Free Code Red checker
Date Index
Thread Index
Author Index
Historical