Educause Security Discussion mailing list archives
Blaster will DOS NetReg
From: Phil Rodrigues <Phil.Rodrigues () UCONN EDU>
Date: Tue, 19 Aug 2003 12:23:51 -0400
Hi all, NetReg, by default, will redirect all namelookups to itself, including windowsupdate.com. This is how it is designed. Unfortunately, this means that hosts that are carried into your network by students that are already infected with Blaster will DOS (TCP port 80 synflood) the web server on NetReg, since they get leases with a DNS server that redirects windowsupdate.com to NetReg, which will cause the web server not to respond. We added a name record for windowsupdate.com that points to 127.0.0.1 to the DNS server on our NetReg box, which should solve the problem. Maybe you were smarter than us and already did this - if not, do it now. Phil ======================================= Philip A. Rodrigues Network Analyst, UITS University of Connecticut email: phil.rodrigues () uconn edu phone: 860.486.3743 fax: 860.486.6580 web: http://www.security.uconn.edu ======================================= ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Blaster will DOS NetReg Phil Rodrigues (Aug 19)