lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <01d601c43134$8781fd00$2001050a@LBKPCSCOX>
From: shawn.cox at pcca.com (Shawn Cox)
Subject: Sasser skips 10.x.x.x Why?

It appears that only .D skips private ranges.  I incorrectly assumed that
the original would do the same.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D&VSect=T

--Shawn


----- Original Message ----- 
From: "Matt Wagenknecht" <matt.wagenknecht@...ntum.com>
To: "Shawn Cox" <shawn.cox@...a.com>
Cc: <full-disclosure@...ts.netsys.com>
Sent: Monday, May 03, 2004 11:00 AM
Subject: Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?


> Where did you learn that Sasser skips 10.0.0.0/8 addresses? Does it skip
> the other private ranges (172.16.0.0/12, 192.168.0.0/16)?
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Matt Wagenknecht                          CISSP  |  MCSE
> Sr. Security Administrator
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Never be afraid to try something new.
> Remember, amateurs built the ark; professionals built the Titanic.
>
> This email may contain confidential and privileged information for the
> sole use of the intended recipient. Any review or distribution by others
> is strictly prohibited. If you are not the intended recipient, please
> contact the sender and delete all copies of this email message.
>
>
>
> Shawn Cox wrote:
>
> >Why on earth would sasser skip 10.x.x.x?
> >
> >I would venture to say there are a lot of unpatched machines hiding
behind
> >corporate firewalls.
> >
> >I guess it could be that the target machines are mostly internet based
home
> >machines that have no 10.x.x.x ips to infect and would thus be wasted
> >infection attempts.
> >
> >Blaster skipped 10.x.x.x too and was just wondering why...
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ