[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] DDos counter measures

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] DDos counter measures
From: Charles Ballowe <hangman@steelballs.org>
Date: Thu, 14 Aug 2003 21:10:27 -0500

Microsoft could solve lots of problems -- just have their name servers
return 216.250.140.112 for those names. ;)

(hint: point a browser at that IP, the reverse tables for it don't give
you a useful name...)

On Thu, Aug 14, 2003 at 08:12:37PM -0500, Gael Martinez wrote:
> Try some other tests using no A record for windowsupdate.com in your local zone,
> you will notice that the damages are even smaller doing that instead of localhost (127.0.0.1).
> 
> Gael
> 
> 
> On Thu, Aug 14, 2003 at 08:04:54PM +0200, Laurent LEVIER wrote:
> > All,
> > 
> > Since our IntraNet solves all its DNS queries through internal caches 
> > (mandatory bottleneck), we created windowsupdate.com & 
> > windowsupdate.microsoft.com zones in this bottleneck DNS. These are 
> > resolving to 127.0.0.1 with DNS wildcards.
> > 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: Szappanos Gábor (VBuster) <gszappanos@virusbuster.hu>
- [Full-Disclosure] DDos counter measures
  - From: Laurent LEVIER <llevier@argosnet.com>
- Re: [Full-Disclosure] DDos counter measures
  - From: Gael Martinez <gael@magicnet.org>

Prev by Date: Re: [Full-Disclosure] MS should point windowsupdate.com to 127.0.0.1
Next by Date: [Full-Disclosure] Administrivia: Power and Backlogs
Prev by thread: Re: [Full-Disclosure] DDos counter measures
Next by thread: Re: [Full-Disclosure] DDos counter measures
Index(es):
- Date
- Thread