Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sasser skips 10.x.x.x Why?

From: Matt Wagenknecht <matt.wagenknecht () quantum com>
Date: Mon, 03 May 2004 10:00:06 -0600
Where did you learn that Sasser skips 10.0.0.0/8 addresses? Does it skip the other private ranges (172.16.0.0/12, 192.168.0.0/16)? 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Matt Wagenknecht                          CISSP  |  MCSE
Sr. Security Administrator
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Never be afraid to try something new.
Remember, amateurs built the ark; professionals built the Titanic.

This email may contain confidential and privileged information for the
sole use of the intended recipient. Any review or distribution by others
is strictly prohibited. If you are not the intended recipient, please
contact the sender and delete all copies of this email message.



Shawn Cox wrote:


Why on earth would sasser skip 10.x.x.x?

I would venture to say there are a lot of unpatched machines hiding behind
corporate firewalls.

I guess it could be that the target machines are mostly internet based home
machines that have no 10.x.x.x ips to infect and would thus be wasted
infection attempts.

Blaster skipped 10.x.x.x too and was just wondering why...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: