[Full-Disclosure] RE: Possible new variant of Nachi
From: Schmehl, Paul L (pauls_at_utdallas.edu)
Date: 09/25/03
- Previous message: Joe Stewart: "Re: [Full-Disclosure] Swen Really Sucks"
- Next in thread: Ferris, Robin: "RE: [Full-Disclosure] RE: Possible new variant of Nachi"
- Maybe reply: Ferris, Robin: "RE: [Full-Disclosure] RE: Possible new variant of Nachi"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <full-disclosure@lists.netsys.com> Date: Thu, 25 Sep 2003 13:40:29 -0500
Working hypothesis is as follows:
Hosts were turned off previously so they didn't show up in routine
scanning. Then they were turned on and got infected with Nachi. Nachi
patched for MS03-026. Then a scan showed them patched for MS03-026 but
not for MS03-039. Then snort reported their infection. So, it appears
to be a timing issue rather than something new.
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Joe Stewart: "Re: [Full-Disclosure] Swen Really Sucks"
- Next in thread: Ferris, Robin: "RE: [Full-Disclosure] RE: Possible new variant of Nachi"
- Maybe reply: Ferris, Robin: "RE: [Full-Disclosure] RE: Possible new variant of Nachi"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
