Full Disclosure mailing list archives
RE: Re: [normal] RE: Windows Dcom Worm planned DDoS
From: "Marc Maiffret" <marc () eeye com>
Date: Tue, 12 Aug 2003 11:19:02 -0700
Everyone seems a little confused on the windowsupdate.com DDoS. It is a rather moot point as it is easily fixable. They just need to remap it to 127.0.0.1 and all the SYNs will die on the local host of the infected machine. Routing windowsupdate.com to 127.0.0.1 will not break anyone's ability to get patches as "windowsupdate.com" is not directly used. That is only a workaround for this single host attack though, in the end everyone (even patched people) can get screwed by this flaw and new worms until enough people have patched.

eEye Blaster Worm Analysis
http://www.eeye.com/html/Research/Advisories/AL20030811.html

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: full-disclosure-admin () lists netsys com
| [mailto:full-disclosure-admin () lists netsys com]On Behalf Of martin f
| krafft
| Sent: Tuesday, August 12, 2003 9:27 AM
| To: full-disclosure () lists netsys com
| Subject: [Full-disclosure] Re: [normal] RE: Windows Dcom Worm planned
| DDoS
|
|
| also sprach martin f krafft <madduck () madduck net> [2003.08.12.1654 +0200]:
| > Why on earth would you want to help protect Micro$oft's service?
| > Either they can deal with their crap themselves, or you should be
| > using proper software. I'll probably make sure to infect a couple of
| > computers on Saturday just for the sake of DoS'ing their site.
|
| And aside, we are talking about a SYN flood attack here, no? If
| Micro$oft can't deal with those, knowing of their advent, then they
| aren't worth being helped.
|
| --
| martin; (greetings from the heart of the sun.)
| \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
|
| invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
|
| tempt not a desperate man.
| -- william shakespeare
|
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html