Mine works strictly through http; you give it a range of IP addresses, and it starts busting out the 'GET /scripts/root.exe HTTP/1.1 blah blah blah' commands on port 80. -----Original Message----- From: Thor@xxxxxxxxxxxxxxx [mailto:Thor@xxxxxxxxxxxxxxx] Sent: Tuesday, August 14, 2001 11:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: code red aftermath checker http://www.ISAserver.org Does it require the admin shares to exist? How do you authenticate to the boxes? Do they have to be domain members? ----- Original Message ----- From: "Jim Harrison" <jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, August 14, 2001 8:43 AM Subject: [isalist] Re: code red aftermath checker > http://www.ISAserver.org > > > I see; competition, is it? > Well, if that's the way the game is to be played, then I'll just take my > script and go home. > Everybody please turn in your copies of the script... > > ;-) > > Seriously, please post the link. That's the weak spot in my script; it's > strictly a local tool. > > Jim Harrison > MCP(2K), A+, Network+, PCG > > > ----- Original Message ----- > From: "Shayne Lebrun" <slebrun@xxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, August 14, 2001 07:38 > Subject: [isalist] code red aftermath checker > > > http://www.ISAserver.org > > > Would anybody be interested in a VB program I whipped up that scans > through a subnet looking for webservers that have a /scripts/root.exe > document? > > Shayne Lebrun > Senior Systems Administrator > Veredex Logistics > slebrun@xxxxxxxxxxx > Office: (905) 282-1515 x 242 > Pager: page_shayne@xxxxxxxxxxx > From a Sun Microsystems bug report (#4102680): > "Workaround: don't pound on the mouse like a wild monkey." > Want to hold up a bank in Latin? > "Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum > immane mittam." > (I have a catapult. Give me all the money, or I will fling an enormous > rock > at your head.) > "Lawyers are like chemical weapons. Everybody gets screwed if they're > let > out." > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: slebrun@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')