AP story on Msoft blocking Mydoom.B

[Dave Farber <dave () farber net>]

-----Original Message-----
From: "Charles Arthur, The Independent" <carthur () independent co uk>
Date: Wed, 04 Feb 2004 12:45:48 
To:dave () farber net
Cc:mary.shaw () cs cmu edu
Subject: Re: [IP] AP story on Msoft blocking Mydoom.B

Hi ...

At 7:32 am -0500 on 4/2/04, you wrote:
> Here's the AP story on Microsoft resisting the Mydoom.B virus attack.  The
> sentence, "Microsoft did say that computers infected with the virus would
> not be able to access Microsoft's Web site." is particularly interesting.
> How do you suppose they detect infection in order to block access?

(1) set up list of IP addresses sending pings to MSoft in manner of
MyDoom-infected PC: add those to your server's "deny" list.

That's it.

For dynamically-assigned addresses, have the blocklist in (1) drop an IP
address after no pings received for eg 2hrs.

Should be perhaps 30 minutes' work (tops) for any decent programmer. I hear
MS has some to spare.


        best
        Charles
-- 
 -------------------------------------------------------------------
The Independent newspaper on the Web: http://www.independent.co.uk/
        It's even better on paper

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/