Full Disclosure mailing list archives
Re: Windows Dcom Worm planned DDoS
From: "Matthew Murphy" <mattmurphy () kc rr com>
Date: Tue, 12 Aug 2003 11:39:26 -0500
"Nick FitzGerald" <nick () virus-l demon co uk> writes:
And, of course, if MS started messing with the DNS entries for windowsupdate.com, it would be cutting an awful lot of users off from much needed updates. which could be as disturbing as the rest of the worm's effects...
Well, this could potentially be the case. However, the actual domain used by the WU server is "windowsupdate.microsoft.com". At this point, "windowsupdate.com" is just a redirect for sloppy admins/users. The WU binaries distributed with systems (i.e, Automatic Updating on Windows XP), and the internal Microsoft documentation all point users to "windowsupdate.microsoft.com", so disabling the DNS of "windowsupdate.com" would not prevent updating if the user has the proper reference material at hand. That said, even if Microsoft *did* mess with the DNS, that would result in a flurry of port 53 traffic to perform the resolutions. Also, you still have a potential for a slight negative effect on patch distribution, and patch distribution is a *needed* channel. Of course, if WU gets taken down by the floods, we're back at square one, as WU remains the primary distribution mechanism for patches to home users. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [normal] RE: Windows Dcom Worm planned DDoS, (continued)
- Re: [normal] RE: Windows Dcom Worm planned DDoS martin f krafft (Aug 12)
- Re: [normal] RE: Windows Dcom Worm planned DDoS martin f krafft (Aug 12)
- RE: Re: [normal] RE: Windows Dcom Worm planned DDoS Marc Maiffret (Aug 12)
- Re: [normal] RE: Windows Dcom Worm planned DDoS James Greenhalgh (Aug 12)
- Re: [normal] RE: Windows Dcom Worm planned DDoS morning_wood (Aug 12)
- RE: Windows Dcom Worm planned DDoS Andrew Thomas (Aug 12)
- Re: Windows Dcom Worm planned DDoS Franky Van Liedekerke (Aug 12)
- Re: Windows Dcom Worm planned DDoS Jeremiah Cornelius (Aug 12)
- RE: Windows Dcom Worm planned DDoS Nick FitzGerald (Aug 12)
- Re: Windows Dcom Worm planned DDoS Valdis . Kletnieks (Aug 13)
- Re: Windows Dcom Worm planned DDoS Max Valdez (Aug 15)
- Re: Windows Dcom Worm planned DDoS Valdis . Kletnieks (Aug 16)
- Re: Windows Dcom Worm planned DDoS martin f krafft (Aug 12)
- Re: Re: Windows Dcom Worm planned DDoS Sebastian Niehaus (Aug 13)
- Windows Dcom Worm Killer w g (Aug 13)