Blaster will DOS NetReg

[Phil Rodrigues <Phil.Rodrigues () UCONN EDU>]

Hi all,

NetReg, by default, will redirect all namelookups to itself, including
windowsupdate.com.  This is how it is designed.  Unfortunately, this means
that hosts that are carried into your network by students that are already
infected with Blaster will DOS (TCP port 80 synflood) the web server on
NetReg, since they get leases with a DNS server that redirects
windowsupdate.com to NetReg, which will cause the web server not to
respond.

We added a name record for windowsupdate.com that points to 127.0.0.1 to
the DNS server on our NetReg box, which should solve the problem.  Maybe
you were smarter than us and already did this - if not, do it now.

Phil

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues () uconn edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.