Open Source and information security mailing list archives
 
From: ecchien at yahoo.com (Eric Chien)
Subject: Sasser skips 10.x.x.x Why?

Actually, it is all variants (.A - .D).  And more
specifically, it iterates through all the host IP
addresses looking for an address that does not match:
127.0.0.1
10.
172.16 - 172.31 (inclusive)
192.168.
169.254

Then, using this address it creates a random address
(sometimes changing all octets, sometimes just the
last three, and sometimes just the last two).

...Eric

--- Shawn Cox <shawn.cox@...a.com> wrote:
> It appears that only .D skips private ranges.  I
> incorrectly assumed that
> the original would do the same.
>
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D&VSect=T
> 
> --Shawn
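
Added example, not part of the thread or of any vendor analysis: the skip list from Eric's message expressed as a check an analyst can run over a host inventory to see which local address would become the base and which ranges the derived addresses fall in. Treating 127.0.0.1 as an exact match, returning None when every address is skipped (the message does not say what happens then), and the host names and addresses are assumptions made for the example.

```python
import ipaddress

# Skip list as given in the message; 127.0.0.1 is taken as one exact address.
SKIPPED = [ipaddress.ip_network(n) for n in (
    "127.0.0.1/32",
    "10.0.0.0/8",
    "172.16.0.0/12",    # 172.16 - 172.31 inclusive
    "192.168.0.0/16",
    "169.254.0.0/16",
)]


def is_skipped(addr):
    """True if addr matches one of the ranges listed in the message."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in SKIPPED)


def base_address(host_addrs):
    """First host address not on the skip list, else None (behaviour in
    that case is not described in the message)."""
    for addr in host_addrs:
        if not is_skipped(addr):
            return addr
    return None


def randomization_scopes(base):
    """Ranges covering the three cases in the message: all octets changed,
    last three changed, last two changed."""
    return [
        ipaddress.ip_network("0.0.0.0/0"),
        ipaddress.ip_network(f"{base}/8", strict=False),
        ipaddress.ip_network(f"{base}/16", strict=False),
    ]


# Constructed inventory for illustration only.
HOSTS = {
    "nat-only-ws": ["127.0.0.1", "10.4.2.17"],
    "dual-homed-gw": ["127.0.0.1", "192.168.1.1", "198.51.100.23"],
    "boundary": ["172.31.255.254", "172.32.0.5"],  # second is outside the range
}

if __name__ == "__main__":
    for name, addrs in HOSTS.items():
        base = base_address(addrs)
        scopes = [str(n) for n in randomization_scopes(base)] if base else []
        print(f"{name}: base={base} scopes={scopes}")
```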

