| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jwiens at nersp.nerdc.ufl.edu (Jordan Wiens) Subject: RE: Full-Disclosure digest, Catching Sasser It's random, but doesn't matter what it is. So it'll work with any number; 7584 sounds just as good as any other 4 digit number. His script is meant to download from sasser, and it will, just fine. If the script was using that as a pattern to match on in some sort of ids then, yes, it wouldn't be very effective, but that's not what it's trying to do. -- Jordan Wiens, CISSP UF Network Security Engineer (352)392-2061 On Wed, 5 May 2004, Thomas Springer wrote: > RTFM - the 4digit-number mentioned is random. maybe it'll help to > expand your script to try 9999 combinations or scan 10.000 infected > hosts. It shouldn't be much of a problem to find them - we still > experience >50 different sasser-ips per second hammering our firewall. > > tom > > RandallM wrote: > > > <|>---------ftp_commands------ > > <|>open <infected m/c IP> 5554 > > <|>anonymous > > <|>user > > <|>bin > > <|>get 7584_up.exe > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists