Security Incidents mailing list archives
Re: Possible variant of Blaster/Nachi/Welchia? (more)
From: Jeff Kell <jeff-kell () utc edu>
Date: Fri, 26 Sep 2003 19:05:02 -0400
The best answer I have heard thus far came from Jon Lewis <jlewis () lewis org> who said:
Dialup doesn't have to be involved. Apparently the AOL software when used across the internet gives the user's PC an AOL IP address, and for whatever reason, packets sourced from that address will leak out the PC's ethernet without going through whatever sort of tunnel the AOL software sets up. On the private network where I helped track it down, it was upsetting their firewall, which thought the packets were spoofed.
Since we haven't confirmed this yet on the affected systems here, can anyone lend any further credence or details on the AOL leakage theory?
If true, it doesn't cast a very bright (pun?) light on AOL software. Jeff --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Possible variant of Blaster/Nachi/Welchia? (more) Steven D. Smith (Sep 26)
- Re: Possible variant of Blaster/Nachi/Welchia? (more) Jean-Luc Cavey (Sep 26)
- Re: Possible variant of Blaster/Nachi/Welchia? (more) Bob Barron (Sep 26)
- Re: Possible variant of Blaster/Nachi/Welchia? (more) Jeff Kell (Sep 28)
- RE: Possible variant of Blaster/Nachi/Welchia? (more) David Gillett (Sep 29)
- Re: Possible variant of Blaster/Nachi/Welchia? (more) Bob Barron (Sep 26)
- Re: Possible variant of Blaster/Nachi/Welchia? (more) Jean-Luc Cavey (Sep 26)
- <Possible follow-ups>
- RE: Possible variant of Blaster/Nachi/Welchia? (more) Bassett, Mark (Sep 26)
- Re: Possible variant of Blaster/Nachi/Welchia? (more) Joe Stewart (Sep 26)
- Re: Possible variant of Blaster/Nachi/Welchia? (more) Jean-Luc Cavey (Sep 26)
- Re: Possible variant of Blaster/Nachi/Welchia? (more) Joe Stewart (Sep 26)