nanog mailing list archives
netsky issue.
From: "Jamie Reid" <Jamie.Reid () mbs gov on ca>
Date: Mon, 08 Mar 2004 21:12:55 -0500
If you have a look at http://vil.nai.com/vil/content/v_101083.htm, there is a list of IP addresses that are nameservers which are hard-coded into the worm. It spreads by e-mail (currently) and thus it can be blocked using anti-virus filters.

My concern is that these addrs are all for nameservers, which could be authoritative for other domains, and by blocking these servers any domains they host could be effectively put out of commission.

I am not aware of an easy way to find out all the domains registered to a particular nameserver, and the trend of blocking addrs that appear in worm code is starting to concern me a bit.

It is not indicated how blocking these servers will have an appreciable effect on the worm propagation (unless it gets a second stage from them), and I wonder if anyone else has similar concerns, or an opinion on whether these IP addresses should actually be blocked.

Regards,

-j

--
Jamie.Reid, CISSP, jamie.reid () mbs gov on ca
Senior Security Specialist, Information Protection Centre
Corporate Security, MBS
416 327 2324
Current thread:
- netsky issue. Jamie Reid (Mar 08)
- Re: netsky issue. Simon Leinen (Mar 09)