Full Disclosure mailing list archives
Re: DDos counter measures
From: B3r3n <B3r3n () argosnet com>
Date: Fri, 15 Aug 2003 10:01:54 +0200
Matt,
FYI - we tried this with the worm and it *doesn't* work. msblast.exe spoofed the source address as the loopback address handed out from our DNS. We instead created an empty windowsupdate.com zone.
It worked fine for us after multiple tests.But thanks for the info, we have alternate counter-measures ready to be installed too.
Brgrds Laurent LEVIER IT Systems & Networks Security Expert _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Windows Dcom Worm Killer and source code, (continued)
- Re: Windows Dcom Worm Killer and source code w g (Aug 13)
- RE: Windows Dcom Worm planned DDoS VBuster (Aug 12)
- RE: Windows Dcom Worm planned DDoS Chris Eagle (Aug 14)
- DDos counter measures Laurent LEVIER (Aug 14)
- Re: DDos counter measures Nick FitzGerald (Aug 14)
- Re: DDos counter measures Gael Martinez (Aug 14)
- Re: DDos counter measures Charles Ballowe (Aug 15)
- Re: DDos counter measures B3r3n (Aug 15)
- Re: DDos counter measures Vladimir Parkhaev (Aug 14)
- Re: DDos counter measures Matthew Lange (Aug 15)
- RE: Windows Dcom Worm planned DDoS Chris Eagle (Aug 14)
- Message not available
- Re: DDos counter measures B3r3n (Aug 15)