Full Disclosure mailing list archives
Re: msblast is starting now
From: "Bernie, CTA" <cta () hcsin net>
Date: Fri, 15 Aug 2003 12:59:24 -0400
Now I don't think that was such a smart move. It wouldn't take much to setup a bunch of bogus DNS servers to answer as "windowsupdate.com" with a pointer to a new A record, or better yet, round-robin to an infinite number of FQDN, or IP addresses. In fact, a new variant placed on compromised system could help (direct) windows TCP/IP to find and use these bogus NS, giving almost endless control of the target address. Hey, great pre-school project for the script kiddies! On 15 Aug 2003 at 12:05, Jonathan Rickman wrote:
-----BEGIN PGP SIGNED MESSAGE----- On Friday 15 August 2003 07:03, B3r3n wrote:msblast start now on far eastern countries. We have a site in Auckland and so I'll know soon if our DNS to localhost protection is valuable.It is irrelevant now. MS has removed the DNS entries for windowsupdate.com.
- **************************************************** Bernie Chief Technology Architect Chief Security Officer cta () hcsin net Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> ******************************************************* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- msblast is starting now B3r3n (Aug 15)
- Re: msblast is starting now Vladimir Parkhaev (Aug 15)
- Re: msblast is starting now Jonathan Rickman (Aug 15)
- Re: msblast is starting now Bernie, CTA (Aug 15)
- Re: msblast is starting now Bernie, CTA (Aug 15)