Why on earth would sasser skip 10.x.x.x?
I would venture to say there are a lot of unpatched machines hiding behind
corporate firewalls.
I guess it could be that the target machines are mostly internet based home
machines that have no 10.x.x.x ips to infect and would thus be wasted
infection
Shawn Cox wrote:
Why on earth would sasser skip 10.x.x.x?
Who on earth told you this?
Both Sasser and Blaster infect 10.* - I am on a 10.*...
--
Thomas Springer
___
Full-Disclosure - We believe in it.
Charter:
Where did you learn that Sasser skips 10.0.0.0/8 addresses? Does it skip
the other private ranges (172.16.0.0/12, 192.168.0.0/16)?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Matt Wagenknecht CISSP | MCSE
Sr. Security Administrator
PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, May 03, 2004 11:00 AM
Subject: Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
Where did you learn that Sasser skips 10.0.0.0/8 addresses? Does it skip
the other private ranges (172.16.0.0/12, 192.168.0.0/16
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have several cases of machines on 172.18.X.X networks infecting
each other.
On Mon, May 03, 2004 at 12:44:31PM -0700, Eric Chien wrote:
Actually, it is all variants (.A - .D). And more
specifically, it iterates through all the host IP
addresses
--- Frank Knobbe [EMAIL PROTECTED] wrote:
On Mon, 2004-05-03 at 14:44, Eric Chien wrote:
Actually, it is all variants (.A - .D). And more
specifically, it iterates through all the host IP
addresses looking for an address that does not
match:
127.0.0.1
10.
172.16 - 172.31
On Mon, 2004-05-03 at 14:44, Eric Chien wrote:
Actually, it is all variants (.A - .D). And more
specifically, it iterates through all the host IP
addresses looking for an address that does not match:
127.0.0.1
10.
172.16 - 172.31 (inclusive)
192.168.
169.254
Then, using this address it
On Monday 03 May 2004 3:44 pm, Eric Chien wrote:
Actually, it is all variants (.A - .D). And more
specifically, it iterates through all the host IP
addresses looking for an address that does not match:
127.0.0.1
10.
172.16 - 172.31 (inclusive)
192.168.
169.254
Then, using this address
Actually, it is all variants (.A - .D). And more
specifically, it iterates through all the host IP
addresses looking for an address that does not match:
127.0.0.1
10.
172.16 - 172.31 (inclusive)
192.168.
169.254
Then, using this address it creates a random address
(sometimes changing all octets,
We used 10.x.x.x and we were infected.
wr
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Thomas Springer
Sent: Monday, May 03, 2004 5:14 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
Shawn Cox wrote
10 matches
Mail list logo