lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
From: R.Ferris at napier.ac.uk (Ferris, Robin) Subject: RE: Possible new variant of Nachi Further to this you add the fact ms03-026 wasn't totally effective, I'm starting go like this hypothesis even more RF -----Original Message----- From: Schmehl, Paul L [mailto:pauls@...allas.edu] Sent: 25 September 2003 19:40 To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] RE: Possible new variant of Nachi Working hypothesis is as follows: Hosts were turned off previously so they didn't show up in routine scanning. Then they were turned on and got infected with Nachi. Nachi patched for MS03-026. Then a scan showed them patched for MS03-026 but not for MS03-039. Then snort reported their infection. So, it appears to be a timing issue rather than something new. Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists