| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1083621570.487.99.camel@localhost> From: frank at knobbe.us (Frank Knobbe) Subject: Sasser skips 10.x.x.x Why? On Mon, 2004-05-03 at 14:44, Eric Chien wrote: > Actually, it is all variants (.A - .D). And more > specifically, it iterates through all the host IP > addresses looking for an address that does not match: > 127.0.0.1 > 10. > 172.16 - 172.31 (inclusive) > 192.168. > 169.254 > > Then, using this address it creates a random address > (sometimes changing all octets, sometimes just the > last three, and sometimes just the last two). Word has it that this is not true. While the code for the address check is there, it doesn't appear to work on some Sasser variants. There are reports of infected 10/8 and 192.168/16 networks. Regards, Frank -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040503/85fa4c94/attachment.bin
Powered by blists - more mailing lists