[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <01d601c43134$8781fd00$2001050a@LBKPCSCOX>
From: shawn.cox at pcca.com (Shawn Cox)
Subject: Sasser skips 10.x.x.x Why?
It appears that only .D skips private ranges. I incorrectly assumed that
the original would do the same.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D&VSect=T
--Shawn
----- Original Message -----
From: "Matt Wagenknecht" <matt.wagenknecht@...ntum.com>
To: "Shawn Cox" <shawn.cox@...a.com>
Cc: <full-disclosure@...ts.netsys.com>
Sent: Monday, May 03, 2004 11:00 AM
Subject: Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
> Where did you learn that Sasser skips 10.0.0.0/8 addresses? Does it skip
> the other private ranges (172.16.0.0/12, 192.168.0.0/16)?
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Matt Wagenknecht CISSP | MCSE
> Sr. Security Administrator
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Never be afraid to try something new.
> Remember, amateurs built the ark; professionals built the Titanic.
>
> This email may contain confidential and privileged information for the
> sole use of the intended recipient. Any review or distribution by others
> is strictly prohibited. If you are not the intended recipient, please
> contact the sender and delete all copies of this email message.
>
>
>
> Shawn Cox wrote:
>
> >Why on earth would sasser skip 10.x.x.x?
> >
> >I would venture to say there are a lot of unpatched machines hiding
behind
> >corporate firewalls.
> >
> >I guess it could be that the target machines are mostly internet based
home
> >machines that have no 10.x.x.x ips to infect and would thus be wasted
> >infection attempts.
> >
> >Blaster skipped 10.x.x.x too and was just wondering why...
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
>
Powered by blists - more mailing lists