[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] RE: Full-Disclosure digest, Catching Sasser

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] RE: Full-Disclosure digest, Catching Sasser
From: Thomas Springer <tuevsec@xxxxxxx>
Date: Wed, 05 May 2004 14:12:58 +0200

RTFM - the 4digit-number mentioned is random. maybe it'll help to expand your script to try 9999 combinations or scan 10.000 infected hosts. It shouldn't be much of a problem to find them - we still experience >50 different sasser-ips per second hammering our firewall.

tom

RandallM wrote:

<|>---------ftp_commands------
<|>open <infected m/c IP> 5554
<|>anonymous
<|>user
<|>bin
<|>get 7584_up.exe


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] RE: Full-Disclosure digest, Catching Sasser
  - From: Jordan Wiens

References:
- [Full-Disclosure] RE: Full-Disclosure digest, Catching Sasser
  - From: RandallM

Prev by Date: Re: [Full-Disclosure] morning_wood is really a blackhat
Next by Date: Re: [Full-Disclosure] Michael Jäger/ITAmtBw/Rüstung/BMVg/DE ist außer Haus.
Previous by thread: [Full-Disclosure] RE: Full-Disclosure digest, Catching Sasser
Next by thread: Re: [Full-Disclosure] RE: Full-Disclosure digest, Catching Sasser
Index(es):
- Date
- Thread