On Tue, 18 Sep 2001, Olle Segerdahl wrote: > Quick analysis indicates that it propagates itself in a number of > different ways: any info on how it determines the networks to spread to/ scan? the email and IIS vulnerability scans are what i'm talking about. is it assuming class B addresses? i ask because our netmasks around here are in the neighborhood of /22, though our severs are seeing scans from the whole /16. i haven't been tracking the email propogation. thanks. ____________________________ jose nazario joseat_private PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 18:08:05 PDT