[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [normal] RE: [Full-Disclosure] Windows Dcom Worm planned DDoS

To: "opticfiber" <opticfiber@topsight.net>
Subject: Re: [normal] RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
From: "morning_wood" <se_cur_ity@hotmail.com>
Date: Tue, 12 Aug 2003 09:28:59 -0700

i kinda agree that simple http redirection works best here
windowsupdate.com -------> wescrewedup.microsoft.com
as the attacking agent is not http, and http is what is needed, hell you
could also
only allow port 80 tcp/ip requests on the filters as well. Dropping
everything else
at the border.
going 127.0.0.1 for a day or two is also an idea
or not

morning_wood
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: "Andrew Thomas" <andrewt@nmh.co.za>
- Re: [normal] RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: opticfiber <opticfiber@topsight.net>
- Re: [normal] RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: James Greenhalgh <james.greenhalgh@worldpay.com>

Prev by Date: [Full-Disclosure] short Blaster propagation algorithm analysis
Next by Date: Re: [Full-Disclosure] Windows Dcom Worm planned DDoS
Prev by thread: Re: [normal] RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
Next by thread: Re: [Full-Disclosure] Windows Dcom Worm planned DDoS
Index(es):
- Date
- Thread