Thread: Merged - Port blocking
View Single Post
Old 17-12-2003, 16:51   #50
threadbare
Inactive
 
threadbare's Avatar
 
Join Date: Nov 2003
Location: Wales
Posts: 459
threadbare is a glorious beacon of lightthreadbare is a glorious beacon of lightthreadbare is a glorious beacon of lightthreadbare is a glorious beacon of lightthreadbare is a glorious beacon of lightthreadbare is a glorious beacon of lightthreadbare is a glorious beacon of light
Re: Merged - Port blocking
Quote:
Originally Posted by Dooby
it was ACTIVE on other portsd ( it uses udp port 69, tftp, to retrieve its download, but it MUST make contact on port 135 in order to infect a machine, it relies on a vulnerability within the RPC service in windows that allows arbitrary code execution, without that, it cant do anything.
Other viruses do use other vulnerabilities in other services ( 137 for example is one of the filesharing ports, which also has similar vulnerabilities ) but they are not variants of blaster, they are different viruses, ok, I maybe splitting hairs, but claiming that blaster can spread using different ports is just wrong.
ok agreed. pointless splitting hairs over it. there's not likely to be too many new variants of blaster or welchia in the future and although it is possible for future variants to spread by other means, this is unlikely.
threadbare is offline   Reply With Quote