Full Disclosure mailing list archives

Re: DDos counter measures

From: B3r3n <B3r3n () argosnet com>
Date: Fri, 15 Aug 2003 10:01:54 +0200

Matt,

FYI - we tried this with the worm and it *doesn't* work.  msblast.exe
spoofed the source address as the loopback address handed out from our
DNS.  We instead created an empty windowsupdate.com zone.

It worked fine for us after multiple tests.

But thanks for the info, we have alternate counter-measures ready to beinstalled too.


Brgrds

Laurent LEVIER
IT Systems & Networks Security Expert


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Windows Dcom Worm Killer and source code, (continued)
- - - Re: Windows Dcom Worm Killer and source code w g (Aug 13)
- RE: Windows Dcom Worm planned DDoS VBuster (Aug 12)
  - RE: Windows Dcom Worm planned DDoS Chris Eagle (Aug 14)
    - DDos counter measures Laurent LEVIER (Aug 14)
    - Re: DDos counter measures Nick FitzGerald (Aug 14)
    - Re: DDos counter measures Gael Martinez (Aug 14)
    - Re: DDos counter measures Charles Ballowe (Aug 15)
    - Re: DDos counter measures B3r3n (Aug 15)
    - Re: DDos counter measures Vladimir Parkhaev (Aug 14)
    - Re: DDos counter measures Matthew Lange (Aug 15)
  - Message not available
    - Re: DDos counter measures B3r3n (Aug 15)