| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rodrigob at suespammers.org (Rodrigo Barbosa) Subject: Sasser skips 10.x.x.x Why? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have several cases of machines on 172.18.X.X networks infecting each other. On Mon, May 03, 2004 at 12:44:31PM -0700, Eric Chien wrote: > Actually, it is all variants (.A - .D). And more > specifically, it iterates through all the host IP > addresses looking for an address that does not match: > 127.0.0.1 > 10. > 172.16 - 172.31 (inclusive) > 192.168. > 169.254 > > Then, using this address it creates a random address > (sometimes changing all octets, sometimes just the > last three, and sometimes just the last two). > > ...Eric > > --- Shawn Cox <shawn.cox@...a.com> wrote: > > It appears that only .D skips private ranges. I > > incorrectly assumed that > > the original would do the same. > > > http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D&VSect=T > > > > --Shawn > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html - -- Rodrigo Barbosa <rodrigob@...spammers.org> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAlr84pdyWzQ5b5ckRArQnAKCF+8d9s9yRKige5HM4yHlzs+gFEACgjylU yCiXhCxRPNpFFVkU2/QnCHI= =e9Ce -----END PGP SIGNATURE-----
Powered by blists - more mailing lists