--- Mike <bugginat_private> a écrit : > Is it possible for the CR worm to affect the > performance of a cable modem if that modem has a > built in web based configuration tool that is accessed > via a 192 static ip? The worm could probe the modem if the web server can be accessed from outside. (BTW, it seems it could generate the RFC 1918 address, as it only skips 127.*, 224.* and its own current IP) 192.168.* should not be routed to Internet, but I could see that they are often blocked deep into the network infrastructure, far from the end users (try a traceroute, and you may have answers from a dozen of gateways, depending on your ISP organization) So if the worm attacks from another customer of the same ISP, it might reach the modem. Source routed packets do not go very far on Internet, and cannot be used efficiently for TCP AFAIK. (And the worm is not known to use such a feature) The performance problem looks odd: if the modem blacklists the attacker, this should only block IP in the same block as yours, not distant servers. Just my EUR 0.0228 ___________________________________________________________ Do You Yahoo!? -- Vos albums photos en ligne, Yahoo! Photos : http://fr.photos.yahoo.com
This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:24:55 PDT