Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Windows Dcom Worm planned DDoS

From: "Wcc" <wcc () techmonkeys org>
Date: Wed, 13 Aug 2003 01:06:11 -0400
 


-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Andrew Thomas
Sent: Tuesday, August 12, 2003 6:00 AM
To: bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: [Full-disclosure] Windows Dcom Worm planned DDoS

Hi,

The examinations of the code so far indicate that the worm is 
coded to DoS the windowsupdate site from the 15th of August 
onwards through the end of the year.

I haven't seen anything mentioning whether or not the IP is
hardcoded. If not, shouldn't Microsoft just set the forward
resolve to 127.0.0.1 for a period of time?

That will probably save many, many $'s of wasted traffic.


True, and if the IP is hardcoded, then the machine can just
be assigned new IPs (and the others nulled), and operation would continue as
normal.  


--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070 


Wcc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: