RE: The impending DDoS storm

["McBurnett, Jim" <jmcburnett () msmgmt com>]

But doesn't that mean the hacker won?
If you change the DNS and a user can not get to 
windowsupdate, you just helped him create a better
DoS than he had...


J

-----Original Message-----
From: Lloyd Taylor [mailto:ltaylor () keynote com]
Sent: Wednesday, August 13, 2003 12:26 PM
To: Jack Bates
Cc: nanog () merit edu
Subject: Re: The impending DDoS storm



Does anyone have any notion of what the Blaster worm will do if the
DNS lookup for "windowsupdate.com" returns NXDOMAIN?  If it handles this
case by not sending any micreant love, might that not be the best way
to mitigate the potential damage?

--Lloyd

On Wed, 13 Aug 2003, Jack Bates wrote:

> Date: Wed, 13 Aug 2003 11:10:13 -0500
> From: Jack Bates <jbates () brightok net>
> To: Jason Frisvold <friz () corp ptd net>
> Cc: "Ingevaldson, Dan (ISS Atlanta)" <dsi () iss net>,
>      Stephen J. Wilcox <steve () telecomplete co uk>, nanog () merit edu
> Subject: Re: The impending DDoS storm
>
>
> On Wed, 2003-08-13 at 10:55, Ingevaldson, Dan (ISS Atlanta) wrote:
> > -Does one DNS lookup on "windowsupdate.com" and then uses the IP
>
> No, I wouldn't dream of setting windowsupdate.com to 127.0.0.1. Who in 
> their right mind would do that?
>
> -Jack

--