Full Disclosure mailing list archives
RE: Windows Dcom Worm planned DDoS
From: "Andrew Thomas" <andrewt () nmh co za>
Date: Tue, 12 Aug 2003 13:37:15 +0200
From: Chris Eagle [mailto:cseagle () redshift com] Sent: 12 August 2003 01:31 Subject: RE: [Full-disclosure] Windows Dcom Worm planned DDoS The IP is not hard coded. It does a lookup on "windowsupdate.com"
Allowing the option for corporates and/or isp's to dns poison that to resolve to 127.0.0.1, or even dns race with tools like team teso's if one doesn't use internal/cacheing NS. Might save some traffic on 15 August. Alternative, route all traffic to the resolved IP addresses to /dev/null, but with the above, the traffic shouldn't even leave the machine in question. -- Andrew G. Thomas Hobbs & Associates Chartered Accountants (SA) (o) +27-(0)21-683-0500 (f) +27-(0)21-683-0577 (m) +27-(0)83-318-4070 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows Dcom Worm planned DDoS Andrew Thomas (Aug 12)
- RE: Windows Dcom Worm planned DDoS Chris Eagle (Aug 12)
- RE: Windows Dcom Worm planned DDoS Andrew Thomas (Aug 12)
- Re: [normal] RE: Windows Dcom Worm planned DDoS opticfiber (Aug 12)
- Re: [normal] RE: Windows Dcom Worm planned DDoS martin f krafft (Aug 12)
- Re: [normal] RE: Windows Dcom Worm planned DDoS martin f krafft (Aug 12)
- RE: Re: [normal] RE: Windows Dcom Worm planned DDoS Marc Maiffret (Aug 12)
- RE: Windows Dcom Worm planned DDoS Andrew Thomas (Aug 12)
- Re: [normal] RE: Windows Dcom Worm planned DDoS James Greenhalgh (Aug 12)
- Re: [normal] RE: Windows Dcom Worm planned DDoS morning_wood (Aug 12)
- RE: Windows Dcom Worm planned DDoS Chris Eagle (Aug 12)
- RE: Windows Dcom Worm planned DDoS Andrew Thomas (Aug 12)
- Re: Windows Dcom Worm planned DDoS Franky Van Liedekerke (Aug 12)
- Re: Windows Dcom Worm planned DDoS Jeremiah Cornelius (Aug 12)