lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040503215257.GX1580@suespammers.org>
From: rodrigob at suespammers.org (Rodrigo Barbosa)
Subject: Sasser skips 10.x.x.x Why?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have several cases of machines on 172.18.X.X networks infecting
each other.

On Mon, May 03, 2004 at 12:44:31PM -0700, Eric Chien wrote:
> Actually, it is all variants (.A - .D).  And more
> specifically, it iterates through all the host IP
> addresses looking for an address that does not match:
> 127.0.0.1
> 10.
> 172.16 - 172.31 (inclusive)
> 192.168.
> 169.254
> 
> Then, using this address it creates a random address
> (sometimes changing all octets, sometimes just the
> last three, and sometimes just the last two).
> 
> ...Eric
> 
> --- Shawn Cox <shawn.cox@...a.com> wrote:
> > It appears that only .D skips private ranges.  I
> > incorrectly assumed that
> > the original would do the same.
> >
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D&VSect=T
> > 
> > --Shawn
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

- -- 
Rodrigo Barbosa <rodrigob@...spammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAlr84pdyWzQ5b5ckRArQnAKCF+8d9s9yRKige5HM4yHlzs+gFEACgjylU
yCiXhCxRPNpFFVkU2/QnCHI=
=e9Ce
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ