Re: msblast and RFC 1918 addresses

From: Tim (timv2000at_private)
Date: Mon Aug 18 2003 - 08:08:08 PDT

Next message: Dan Hanson: "Article Announcement (3):"

Previous message: Ostberg, Alex: "Re-Infection with Blaster Worm"
In reply to: Dan Hubbard: "msblast and RFC 1918 addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In reviewing network logs I found one packet from a non-adjacent RFC 1918
range that could indicate this is happening; however, admin of the
adjacent network did not have adequate logging to verify that this was in
fact the case.

Tim


--- Dan Hubbard <dhubbardat_private> wrote:
> Question about the MSBLAST worms. I understand that 40% of the time the 
> IP's to spread to range of IP's from  the network that you are currently
> 
> connected to and that 60% of the time via a random range.
> 
> I have ran this worm mutiple different times and have never seen the 
> randomized version select an RFC 1918 address range ?  Has anyone else
> seen 
> the worm affect any 1918 addresses if your machine is NOT in that range
> ?
> 
> Thanks  
> 
> 
>
---------------------------------------------------------------------------
> Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Automatically Control P2P, IM and Spam Traffic
>  - Ensure Reliable Performance of Mission Critical Applications
>  - Precisely Define and Implement Network Security and Performance
> Policies
> **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
> Visit us at: 
> http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814
>
----------------------------------------------------------------------------
> 


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Ensure Reliable Performance of Mission Critical Applications
 - Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: 
http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814
----------------------------------------------------------------------------

Next message: Dan Hanson: "Article Announcement (3):"
Previous message: Ostberg, Alex: "Re-Infection with Blaster Worm"
In reply to: Dan Hubbard: "msblast and RFC 1918 addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 18 2003 - 11:14:55 PDT