Full Disclosure mailing list archives
Re: Blaster: will it spread without tftp?
From: Valdis.Kletnieks () vt edu
Date: Tue, 12 Aug 2003 17:12:36 -0400
On Tue, 12 Aug 2003 22:19:19 +0200, Maarten <subscriptions () hartsuijker com> said:
- since tftp servers can not be accessed, msblaster.exe can not be downloaded - since msblaster.exe can not be downloaded these other systems will not start to infect other systems... Am I correct on these last two points?
The tftp connection is made back to the machine that sent the original infection vector. So if somebody brings in a contaminated laptop, that laptop will start attacking, and any machines that get whacked will call that laptop for their tftp connection. Then those machines will start scanning, and if THEY find any vulnerable machines they'll whack them - and those just-whacked machines will call back to the one that whacked them, not the original laptop, and so on..
Attachment:
_bin
Description:
Current thread:
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd), (continued)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Evans, Arian (Aug 12)
- Blaster: will it spread without tftp? Maarten (Aug 12)
- Re: Blaster: will it spread without tftp? Craig Pratt (Aug 12)
- Re: Blaster: will it spread without tftp? Maarten Hartsuijker (Aug 12)
- Re: Blaster: will it spread without tftp? Jim Clausing (Aug 12)
- Re: Blaster: will it spread without tftp? Matthew Murphy (Aug 12)
- RE: Blaster: will it spread without tftp? Derek Soeder (Aug 12)
- Re: Blaster: will it spread without tftp? Nick FitzGerald (Aug 12)
- Re: Blaster: will it spread without tftp? Russell Fulton (Aug 12)
- Re: Blaster: will it spread without tftp? Gregory Steuck (Aug 13)
- Blaster: will it spread without tftp? Maarten (Aug 12)
- Re: Blaster: will it spread without tftp? Valdis . Kletnieks (Aug 13)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Evans, Arian (Aug 12)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Ron DuFresne (Aug 12)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Gregory Steuck (Aug 13)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Mike (Aug 13)