It appears that only .D skips private ranges. I incorrectly assumed that the original would do the same. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.D&VSect=T
--Shawn ----- Original Message ----- From: "Matt Wagenknecht" <[EMAIL PROTECTED]> To: "Shawn Cox" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, May 03, 2004 11:00 AM Subject: Re: [Full-Disclosure] Sasser skips 10.x.x.x Why? > Where did you learn that Sasser skips 10.0.0.0/8 addresses? Does it skip > the other private ranges (172.16.0.0/12, 192.168.0.0/16)? > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Matt Wagenknecht CISSP | MCSE > Sr. Security Administrator > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Never be afraid to try something new. > Remember, amateurs built the ark; professionals built the Titanic. > > This email may contain confidential and privileged information for the > sole use of the intended recipient. Any review or distribution by others > is strictly prohibited. If you are not the intended recipient, please > contact the sender and delete all copies of this email message. > > > > Shawn Cox wrote: > > >Why on earth would sasser skip 10.x.x.x? > > > >I would venture to say there are a lot of unpatched machines hiding behind > >corporate firewalls. > > > >I guess it could be that the target machines are mostly internet based home > >machines that have no 10.x.x.x ips to infect and would thus be wasted > >infection attempts. > > > >Blaster skipped 10.x.x.x too and was just wondering why... > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
