[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
From: Eric Chien <ecchien@xxxxxxxxx>
Date: Mon, 3 May 2004 12:44:31 -0700 (PDT)

Actually, it is all variants (.A - .D).  And more
specifically, it iterates through all the host IP
addresses looking for an address that does not match:
127.0.0.1
10.
172.16 - 172.31 (inclusive)
192.168.
169.254

Then, using this address it creates a random address
(sometimes changing all octets, sometimes just the
last three, and sometimes just the last two).

...Eric

--- Shawn Cox <shawn.cox@xxxxxxxx> wrote:
> It appears that only .D skips private ranges.  I
> incorrectly assumed that
> the original would do the same.
>
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D&VSect=T
> 
> --Shawn

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
  - From: Joe Stewart
- Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
  - From: Frank Knobbe
- Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
  - From: Rodrigo Barbosa

References:
- Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
  - From: Shawn Cox

Prev by Date: Re: [Full-Disclosure] A rather newbie question
Next by Date: [Full-Disclosure] iDEFENSE: Upcoming OpenSSH Security Advisory Announcement (Richard Johnson)
Previous by thread: Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
Next by thread: Re: [Full-Disclosure] Sasser skips 10.x.x.x Why?
Index(es):
- Date
- Thread