[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Windows Dcom Worm planned DDoS

To: <bugtraq@securityfocus.com>, <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
From: "Wcc" <wcc@techmonkeys.org>
Date: Wed, 13 Aug 2003 01:06:11 -0400

 

> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com 
> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of 
> Andrew Thomas
> Sent: Tuesday, August 12, 2003 6:00 AM
> To: bugtraq@securityfocus.com; full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Windows Dcom Worm planned DDoS
> 
> Hi,
> 
> The examinations of the code so far indicate that the worm is 
> coded to DoS the windowsupdate site from the 15th of August 
> onwards through the end of the year.
> 
> I haven't seen anything mentioning whether or not the IP is
> hardcoded. If not, shouldn't Microsoft just set the forward
> resolve to 127.0.0.1 for a period of time?
> 
> That will probably save many, many $'s of wasted traffic.

True, and if the IP is hardcoded, then the machine can just
be assigned new IPs (and the others nulled), and operation would continue as
normal.  

> --
> Andrew G. Thomas
> Hobbs & Associates Chartered Accountants (SA)
> (o) +27-(0)21-683-0500
> (f) +27-(0)21-683-0577
> (m) +27-(0)83-318-4070 

Wcc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] Windows Dcom Worm Killer
  - From: w g <xillwillx@yahoo.com>

References:
- [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: "Andrew Thomas" <andrewt@nmh.co.za>

Prev by Date: Re: [Full-Disclosure] Blaster: will it spread without tftp?
Next by Date: Re: [Full-Disclosure] dobble-clicking msblast.exe
Prev by thread: Re: [Full-Disclosure] Windows Dcom Worm planned DDoS
Next by thread: [Full-Disclosure] Windows Dcom Worm Killer
Index(es):
- Date
- Thread