[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Blaster: will it spread without tftp?

To: Maarten <subscriptions@hartsuijker.com>
Subject: Re: [Full-Disclosure] Blaster: will it spread without tftp?
From: Valdis.Kletnieks@vt.edu
Date: Tue, 12 Aug 2003 17:12:36 -0400

On Tue, 12 Aug 2003 22:19:19 +0200, Maarten <subscriptions@hartsuijker.com>  said:

> - since tftp servers can not be accessed, msblaster.exe can not be
> downloaded
> - since msblaster.exe can not be downloaded these other systems will not
> start to infect other systems...
> 
> Am I correct on these last two points?

The tftp connection is made back to the machine that sent the original infection vector.

So if somebody brings in a contaminated laptop, that laptop will start attacking, and
any machines that get whacked will call that laptop for their tftp connection.  Then
those machines will start scanning, and if THEY find any vulnerable machines they'll
whack them - and those just-whacked machines will call back to the one that whacked
them, not the original laptop, and so on..

PGP signature

References:
- RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
  - From: "Evans, Arian" <Arian.Evans@fishnetsecurity.com>
- [Full-Disclosure] Blaster: will it spread without tftp?
  - From: "Maarten" <subscriptions@hartsuijker.com>

Prev by Date: Re: [Full-Disclosure] Windows Dcom Worm planned DDoS
Next by Date: RE: [Full-Disclosure] DDoS on the 16th - Fail if no DNS resolution?
Prev by thread: Re: [Full-Disclosure] Blaster: will it spread without tftp?
Next by thread: RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM WormPropagation (fwd)
Index(es):
- Date
- Thread