In reviewing network logs I found one packet from a non-adjacent RFC 1918 range that could indicate this is happening; however, admin of the adjacent network did not have adequate logging to verify that this was in fact the case. Tim --- Dan Hubbard <dhubbardat_private> wrote: > Question about the MSBLAST worms. I understand that 40% of the time the > IP's to spread to range of IP's from the network that you are currently > > connected to and that 60% of the time via a random range. > > I have ran this worm mutiple different times and have never seen the > randomized version select an RFC 1918 address range ? Has anyone else > seen > the worm affect any 1918 addresses if your machine is NOT in that range > ? > > Thanks > > > --------------------------------------------------------------------------- > Captus Networks - Integrated Intrusion Prevention and Traffic Shaping > - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans > - Automatically Control P2P, IM and Spam Traffic > - Ensure Reliable Performance of Mission Critical Applications > - Precisely Define and Implement Network Security and Performance > Policies > **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo > Visit us at: > http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 > ---------------------------------------------------------------------------- > __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com --------------------------------------------------------------------------- Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications - Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Aug 18 2003 - 11:14:55 PDT