nanog mailing list archives
Code Red : Any whitehouse.gov people around?
From: Jasper Wallace <jasper () ivision co uk>
Date: Fri, 20 Jul 2001 00:41:06 +0100 (BST)
According to a recent post on bugtraq the worm is going to switch from infecting webservers to DDOS'ing whitehouse.gov in about 1/2 an hour or so. Now i'm not certain if the worm has a hardcoded ip to attack or will do a DNS lookup for whitehouse.gov, but if it is going to do a dns lookup then they've still got a chance to change the A records in their dns records to something else, like 127.0.0.1. Unfortunatly this will make it hard for people to track down and fix infected boxes, so if they could use an ip in a non-routable block, that's unlickley to be used for anything else, e.g. 192.0.2.1, which in on the 'TEST-NET', or possible on 192.0.0.1, which is on the range HP use for printer auto configuration (they only use 192.0.0.192). The TTL on the A RR for whitehouse.gov is 24 hours unfortunatly. :-( -- Internet Vision Internet Consultancy Tel: 020 7589 4500 60 Albert Court & Web development Fax: 020 7589 4522 Prince Consort Road vision () ivision co uk London SW7 2BE http://www.ivision.co.uk/
Current thread:
- Code Red : Any whitehouse.gov people around? Jasper Wallace (Jul 19)
- Re: Code Red : Any whitehouse.gov people around? Sabri Berisha (Jul 20)
- Re: Code Red : Any whitehouse.gov people around? Etaoin Shrdlu (Jul 20)
- <Possible follow-ups>
- RE: Code Red : Any whitehouse.gov people around? Mike Najarian (Jul 20)
- Cabinet/FDDI at MAE-West (55 Market) Andrew Staples (Jul 20)
- Re: Code Red : Any whitehouse.gov people around? Alan Hannan (Jul 20)
- RE: Code Red : Any whitehouse.gov people around? Ariel Biener (Jul 20)
- Free Code Red checker Seth M. Kusiak (Jul 20)
- Re: Free Code Red checker Gary E. Miller (Jul 20)
- Re: Free Code Red checker Larry Sheldon (Jul 20)
- Re: Code Red : Any whitehouse.gov people around? Sabri Berisha (Jul 20)