Re: NetSky.q Virus. Looking for more detailed information on how the DOS will be performed.

["Paul" <paul () edonkey2000 com>]

I just wanted to say thanks to all the people who responded, I think we have
enough information to build a decent set of firewall rules to drop the incoming
packets at the access points.


Moving forward, I don't really understand why this information was so hard to get
in the first place, all of the A/V vendors make the virus client payload information
easily and freely accessible on their websites, why the detailed information on
the actuall attack the virus was designed was left out is beyond me. I understand
and sympathise that this would be conisdered extremely technical information, but
making it available as a subtext or in a linked analysis document shouldn't be to
hard.


thank you all
paul


> ------------Original Message------------
> From: "Paul" <paul () edonkey2000 com>
> To: bugtraq () securityfocus com
> Date: Tue, Mar-30-2004 1:52 PM
> Subject: NetSky.q Virus. Looking for more detailed information on how the DOS will be performed.
>
> Hi, 
>
> I work for one of the companies about to be hit with the dDOS attack 7-12 from the NetSky.Q virus. 
> http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.q () mm html
>
> I am looking for more detailed information on exactly how the dDOS attack will be performed, ports used, request
> type, packet size, etc. In hopes of getting enough information to work with our providers for an adequate defense.
>
> The online AV sites concentrate on the end user response (how to clean, what it does to their PC etc).
>
>
>
> Does anyone have this information?
> paul