Full Disclosure mailing list archives
Re: Sasser skips 10.x.x.x Why?
From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Mon, 3 May 2004 18:52:57 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have several cases of machines on 172.18.X.X networks infecting each other. On Mon, May 03, 2004 at 12:44:31PM -0700, Eric Chien wrote:
Actually, it is all variants (.A - .D). And more specifically, it iterates through all the host IP addresses looking for an address that does not match: 127.0.0.1 10. 172.16 - 172.31 (inclusive) 192.168. 169.254 Then, using this address it creates a random address (sometimes changing all octets, sometimes just the last three, and sometimes just the last two). ...Eric --- Shawn Cox <shawn.cox () pcca com> wrote:It appears that only .D skips private ranges. I incorrectly assumed that the original would do the same.http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D&VSect=T--Shawn_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- -- Rodrigo Barbosa <rodrigob () suespammers org> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAlr84pdyWzQ5b5ckRArQnAKCF+8d9s9yRKige5HM4yHlzs+gFEACgjylU yCiXhCxRPNpFFVkU2/QnCHI= =e9Ce -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: New LSASS-based worm finally here (Sasser), (continued)
- Re: New LSASS-based worm finally here (Sasser) Javier Fernandez-Sanguino (May 03)
- Sasser skips 10.x.x.x Why? Shawn Cox (May 03)
- Re: Sasser skips 10.x.x.x Why? Thomas Springer (May 03)
- Unpacking Sasser youssef ALAOUI (May 03)
- RE: Sasser skips 10.x.x.x Why? Warnich Rust (May 03)
- Re: Sasser skips 10.x.x.x Why? Matt Wagenknecht (May 03)
- Re: Sasser skips 10.x.x.x Why? Shawn Cox (May 03)
- Re: Sasser skips 10.x.x.x Why? Eric Chien (May 03)
- Re: Sasser skips 10.x.x.x Why? Frank Knobbe (May 03)
- Re: Sasser skips 10.x.x.x Why? Eric Chien (May 03)
- Sasser skips 10.x.x.x Why? Shawn Cox (May 03)
- Re: Sasser skips 10.x.x.x Why? Rodrigo Barbosa (May 03)
- Re: Sasser skips 10.x.x.x Why? Joe Stewart (May 03)
- Re: New LSASS-based worm finally here (Sasser) Javier Fernandez-Sanguino (May 03)
- Re: Re: New LSASS-based worm finally here (Sasser) Javier Fernandez-Sanguino (May 04)
- Re: Re: New LSASS-based worm finally here (Sasser) insecure (May 04)
- Re: New LSASS-based worm finally here (Sasser) Gadi Evron (May 04)
- Re: New LSASS-based worm finally here (Sasser) Javier Fernandez-Sanguino (May 05)