Re: Sasser skips 10.x.x.x Why?

["Shawn Cox" <shawn.cox () pcca com>]

It appears that only .D skips private ranges.  I incorrectly assumed that
the original would do the same.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D&VSect=T

--Shawn


----- Original Message ----- 
From: "Matt Wagenknecht" <matt.wagenknecht () quantum com>
To: "Shawn Cox" <shawn.cox () pcca com>
Cc: <full-disclosure () lists netsys com>
Sent: Monday, May 03, 2004 11:00 AM
Subject: Re: [Full-disclosure] Sasser skips 10.x.x.x Why?


> Where did you learn that Sasser skips 10.0.0.0/8 addresses? Does it skip
> the other private ranges (172.16.0.0/12, 192.168.0.0/16)?
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Matt Wagenknecht                          CISSP  |  MCSE
> Sr. Security Administrator
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Never be afraid to try something new.
> Remember, amateurs built the ark; professionals built the Titanic.
>
> This email may contain confidential and privileged information for the
> sole use of the intended recipient. Any review or distribution by others
> is strictly prohibited. If you are not the intended recipient, please
> contact the sender and delete all copies of this email message.
>
>
>
> Shawn Cox wrote:
>
> > Why on earth would sasser skip 10.x.x.x?
> >
> > I would venture to say there are a lot of unpatched machines hiding
behind
> > corporate firewalls.
> >
> > I guess it could be that the target machines are mostly internet based
home
> > machines that have no 10.x.x.x ips to infect and would thus be wasted
> > infection attempts.
> >
> > Blaster skipped 10.x.x.x too and was just wondering why...
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html