Full Disclosure mailing list archives
Re: DDos counter measures
From: B3r3n <B3r3n () argosnet com>
Date: Fri, 15 Aug 2003 09:58:34 +0200
Gael,
Try some other tests using no A record for windowsupdate.com in your local zone, you will notice that the damages are even smaller doing that instead of localhost (127.0.0.1).We also tested this solution to answer nothing to query as with an unresolved domain. But finally the solution answered localhost was kept because we hope a machine SYN flooding will behave badly enough so its user creates a call and so we could know the machine requires to be patched.
Thanks for raising the idea, some others might prefer this version. Brgrds _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows Dcom Worm Killer, (continued)
- Windows Dcom Worm Killer w g (Aug 13)
- Re: Windows Dcom Worm Killer Joey (Aug 13)
- Re: Windows Dcom Worm Killer Nick FitzGerald (Aug 13)
- Re: Windows Dcom Worm Killer and source code w g (Aug 13)
- Windows Dcom Worm Killer w g (Aug 13)
- RE: Windows Dcom Worm planned DDoS VBuster (Aug 12)
- RE: Windows Dcom Worm planned DDoS Chris Eagle (Aug 14)
- DDos counter measures Laurent LEVIER (Aug 14)
- Re: DDos counter measures Nick FitzGerald (Aug 14)
- Re: DDos counter measures Gael Martinez (Aug 14)
- Re: DDos counter measures Charles Ballowe (Aug 15)
- Re: DDos counter measures B3r3n (Aug 15)
- Re: DDos counter measures Vladimir Parkhaev (Aug 14)
- Re: DDos counter measures Matthew Lange (Aug 15)
- RE: Windows Dcom Worm planned DDoS Chris Eagle (Aug 14)
- Re: DDos counter measures B3r3n (Aug 15)