('binary' encoding is not supported, stored as-is) In-Reply-To: <5.2.1.1.0.20030815155342.00a837e8at_private> Hi, I am afraid it does affect RFC 1918 addresses, at least did it on my network. I have a WLAN (11 Mbps) at the first time i could not realise what the .... was going on. Public ip addresses randomly changing by 20 i.e: 99.66.18.125 - 99.66.18.144 etc But 2 days ago i saw an RFC 1918 address 10/8 prefix. I have a router with network 10.0.0.0 I only saw it once and then nothing again. Regards Kostas >Received: (qmail 15582 invoked from network); 16 Aug 2003 00:56:27 -0000 >Received: from outgoing3.securityfocus.com (205.206.231.27) > by mail.securityfocus.com with SMTP; 16 Aug 2003 00:56:27 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) > by outgoing3.securityfocus.com (Postfix) with QMQP > id 0CA10A3381; Fri, 15 Aug 2003 18:59:47 -0600 (MDT) >Mailing-List: contact incidents-helpat_private; run by ezmlm >Precedence: bulk >List-Id: <incidents.list-id.securityfocus.com> >List-Post: <mailto:incidentsat_private> >List-Help: <mailto:incidents-helpat_private> >List-Unsubscribe: <mailto:incidents-unsubscribeat_private> >List-Subscribe: <mailto:incidents-subscribeat_private> >Delivered-To: mailing list incidentsat_private >Delivered-To: moderator for incidentsat_private >Received: (qmail 4218 invoked from network); 15 Aug 2003 16:49:38 -0000 >Message-Id: <5.2.1.1.0.20030815155342.00a837e8at_private> >X-Sender: dhubbardat_private >X-Mailer: QUALCOMM Windows Eudora Version 5.2.1 >Date: Fri, 15 Aug 2003 15:54:40 -0700 >To: incidentsat_private >From: Dan Hubbard <dhubbardat_private> >Subject: msblast and RFC 1918 addresses >Mime-Version: 1.0 >Content-Type: text/plain; charset="us-ascii"; format=flowed > >Question about the MSBLAST worms. I understand that 40% of the time the >IP's to spread to range of IP's from the network that you are currently >connected to and that 60% of the time via a random range. > >I have ran this worm mutiple different times and have never seen the >randomized version select an RFC 1918 address range ? Has anyone else seen >the worm affect any 1918 addresses if your machine is NOT in that range ? > >Thanks > > >-------------------------------------------------------------------------- - >Captus Networks - Integrated Intrusion Prevention and Traffic Shaping > - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans > - Automatically Control P2P, IM and Spam Traffic > - Ensure Reliable Performance of Mission Critical Applications > - Precisely Define and Implement Network Security and Performance Policies >**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo >Visit us at: >http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 >-------------------------------------------------------------------------- -- > > --------------------------------------------------------------------------- Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications - Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Aug 16 2003 - 13:11:30 PDT