Re: Impending (mydoom) DOS attack

["Laurence F. Sheldon, Jr." <larrysheldon () cox net>]

I believe there is major and perhaps fatal flaw in this analysis.

Valdis.Kletnieks () vt edu wrote:
> On Sat, 31 Jan 2004 18:24:42 GMT, "Stephen J. Wilcox" said:
> > I'm not sure what the point of the DoS is if its intended to be a spam engine,
> > that would have the effect of helping to identify and hence clean up the
> > infections.
>
> Ahh.. you didn't take the time to think it through. ;)
>
> Consider - the perpetrator releases a *very* noisy worm with a DDoS engine
> on it (admittedly buggy).  Then you go on vacation someplace warm and sunny,
> where visually attractive people of your preferred gender are walking around
> wearing a lot more than you need to wear where you were...
                ^^^^

The analysis works if that was the word "less".

> Computers catch it.  Computers spew it.  Computers do their DDoS tapdance.
> Hopefully users and ISP staff notice and take action.
>
> Then 3 weeks later, you come back, tanned and rested - and run another
> scan.  If you find your spam backdoor on port 3127 *still* open on a
> machine, you can be fairly sure you can spam away with impunity - if the
> user and their ISP didn't notice the box spewing mail the FIRST time, they
> won't notice the second time.....

I doubt that the length of 3 is important.  Based on my past
experience "Then 3 weeks later" can be replaced by "Some time later when
the cold is gone".