Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Windows Dcom Worm planned DDoS

From: "Chris Eagle" <cseagle () redshift com>
Date: Tue, 12 Aug 2003 04:30:47 -0700
The IP is not hard coded.  It does a lookup on "windowsupdate.com"

Chris

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Andrew
Thomas
Sent: Tuesday, August 12, 2003 3:00 AM
To: bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: [Full-disclosure] Windows Dcom Worm planned DDoS


Hi,

The examinations of the code so far indicate that the worm is 
coded to DoS the windowsupdate site from the 15th of August 
onwards through the end of the year.

I haven't seen anything mentioning whether or not the IP is
hardcoded. If not, shouldn't Microsoft just set the forward
resolve to 127.0.0.1 for a period of time?

That will probably save many, many $'s of wasted traffic.

--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: