RE: CRv2 - Questions

From: The Death (thedeadhat_private)
Date: Tue Jul 24 2001 - 14:07:24 PDT


     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    > I thought the worm skipped 127.x.x.x and 224.x.x.x addresses?
    > (From eEye's analysis)
    
    It does, very simple: The PRNG output is checked before the worm
    attempts to connect to the IP generated. It just discards IPs with
    the 4th byte of 127 or 224.
    
    The Death
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
    
    iQA/AwUBO13hse6B0r4ZZEp/EQKq2gCgv8w4Mf7fgl7VwPAABieiQJtId3UAoLSI
    hdLCPoO7PfsdUu+pG9not0hG
    =bc3y
    -----END PGP SIGNATURE-----
    
    
    


