| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200308122112.h7CLCaSt004514@turing-police.cc.vt.edu> From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Blaster: will it spread without tftp? On Tue, 12 Aug 2003 22:19:19 +0200, Maarten <subscriptions@...tsuijker.com> said: > - since tftp servers can not be accessed, msblaster.exe can not be > downloaded > - since msblaster.exe can not be downloaded these other systems will not > start to infect other systems... > > Am I correct on these last two points? The tftp connection is made back to the machine that sent the original infection vector. So if somebody brings in a contaminated laptop, that laptop will start attacking, and any machines that get whacked will call that laptop for their tftp connection. Then those machines will start scanning, and if THEY find any vulnerable machines they'll whack them - and those just-whacked machines will call back to the one that whacked them, not the original laptop, and so on.. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030812/5c65b660/attachment.bin
Powered by blists - more mailing lists