Full Disclosure mailing list archives
Re: [Full-Disclosure] RE: Full-disclosure digest, Catching Sasser
From: Thomas Springer <tuevsec () gmx net>
Date: Wed, 05 May 2004 14:12:58 +0200
RTFM - the 4digit-number mentioned is random. maybe it'll help to expand your script to try 9999 combinations or scan 10.000 infected hosts. It shouldn't be much of a problem to find them - we still experience >50 different sasser-ips per second hammering our firewall.
tom RandallM wrote:
<|>---------ftp_commands------ <|>open <infected m/c IP> 5554 <|>anonymous <|>user <|>bin <|>get 7584_up.exe
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Full-Disclosure] RE: Full-disclosure digest, Catching Sasser RandallM (May 04)
- Re: [Full-Disclosure] RE: Full-disclosure digest, Catching Sasser Thomas Springer (May 05)
- Re: [Full-Disclosure] RE: Full-disclosure digest, Catching Sasser Jordan Wiens (May 05)
- <Possible follow-ups>
- RE: [Full-Disclosure] RE: Full-disclosure digest, Catching Sasser Shashank Rai (May 05)
- Re: [Full-Disclosure] RE: Full-disclosure digest, Catching Sasser Thomas Springer (May 05)