[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] DDos counter measures

To: "Matthew Lange" <matthew.lange@langeconsulting.com>
Subject: Re: [Full-Disclosure] DDos counter measures
From: B3r3n <B3r3n@argosnet.com>
Date: Fri, 15 Aug 2003 10:01:54 +0200

Matt,

>FYI - we tried this with the worm and it *doesn't* work.  msblast.exe
>spoofed the source address as the loopback address handed out from our
>DNS.  We instead created an empty windowsupdate.com zone.
It worked fine for us after multiple tests.
But thanks for the info, we have alternate counter-measures ready to be 
installed too.

Brgrds

Laurent LEVIER
IT Systems & Networks Security Expert


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] DDos counter measures
  - From: Laurent LEVIER <llevier@argosnet.com>
- RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: Szappanos Gábor (VBuster) <gszappanos@virusbuster.hu>
- Re: [Full-Disclosure] DDos counter measures
  - From: "Matthew Lange" <matthew.lange@langeconsulting.com>

Prev by Date: RE: [Full-Disclosure] "MS Blast" Win2000 Patch Download
Next by Date: RE: [Full-Disclosure] msblast DDos counter measures (More Insight Maybe?)
Prev by thread: Re: [Full-Disclosure] DDos counter measures
Next by thread: [Full-Disclosure] MSblast worm
Index(es):
- Date
- Thread