RE: Code Red and ISS Internet Scanner

From: Johnston, Jack (JohnstonJ@mtmc.army.mil)
Date: 07/31/01 

Message-ID: <802171AD2639D4118F9800508B6FD214021A97A2@DSC19>
From: "Johnston, Jack" <JohnstonJ@mtmc.army.mil>
To: incidents@securityfocus.com
Subject: RE: Code Red and ISS Internet Scanner
Date: Tue, 31 Jul 2001 14:49:32 -0400

We've been using the eEye Code Red Scanner since yesterday afternoon, at my
hQ and
at our subordinate commands, and all are in agreement that it's working
rather well.

Jack Johnston
Information Assurance Manager
Information Warfare Officer
MTDC-IMI
DSN-927-7497/cml 757-878-7497
<johnstonj@mtmc.army.mil>

-----Original Message-----
From: Aj Effin Reznor [mailto:aj@reznor.com]
Sent: Tuesday, July 31, 2001 12:34 PM
To: incidents@securityfocus.com
Subject: Re: Code Red and ISS Internet Scanner

"Mike Peterson was known to say....."
>
> I don't want to start any discussions about ISS
> Internet Scanner but, with the prospect of renewed
> activity by the Code Red worm it needs to be pointed
> out that Internet Scanner may not pick up the
> vulnerability.
>
> After using Internet Scanner 6.1 xpu 10 we did not
> find the vulnerability, until we got hit by the Code
> Red worm. According to ISS, Internet Scanner will
> only find the vulnerability if you operate with a
> username and password with administrative rights on
> the target.
>

While not detecting the *activity* of the worm, eEye has a simple no-charge
tool to let you know if your
machines are at least likely to fall prey to it:

http://www.eeye.com/html/Research/Tools/codered.html

~middle of the page, CodeRedScanner

-aj.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • Re: Code Red and ISS Internet Scanner
    ... Code Red and ISS Internet Scanner ... > activity by the Code Red worm it needs to be pointed ... > find the vulnerability, until we got hit by the Code ...
    (Incidents)
  • Re: Internet Scanner by ISS
    ... If I read your message correctly, you have ISS Internet Scanner on one ... If you mean that you have ISS Internet Scanners in your DMZ, ... While these firewall rules are softened you're opening a door to potential ...
    (comp.security.misc)
  • [NT] Flaw in Internet Scanner Parsing Mechanism
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... ISS X-Force has learned of a text-parsing flaw within Internet Scanner. ... Internet Scanner is a network security vulnerability assessment product. ... by probing devices across a network and interpreting responses. ...
    (Securiteam)
  • Code Red and ISS Internet Scanner
    ... Code Red and ISS Internet Scanner ... I don't want to start any discussions about ISS ... find the vulnerability, until we got hit by the Code ... Make international calls for as low as $.04/minute with Yahoo! ...
    (Incidents)
Quantcast