nanog mailing list archives
Re: Impending (mydoom) DOS attack
From: "Laurence F. Sheldon, Jr." <larrysheldon () cox net>
Date: Sat, 31 Jan 2004 17:48:13 -0600
I believe there is a major and perhaps fatal flaw in this analysis.

Valdis.Kletnieks () vt edu wrote:
> On Sat, 31 Jan 2004 18:24:42 GMT, "Stephen J. Wilcox" said:
>> I'm not sure what the point of the DoS is if it's intended to be a spam engine, that would have the effect of helping to identify and hence clean up the infections.
>
> Ahh.. you didn't take the time to think it through. ;)
>
> Consider - the perpetrator releases a *very* noisy worm with a DDoS engine on it (admittedly buggy). Then you go on vacation someplace warm and sunny, where visually attractive people of your preferred gender are walking around wearing a lot more than you need to wear where you were...

^^^^ The analysis works if that was the word "less".

> Computers catch it. Computers spew it. Computers do their DDoS tapdance. Hopefully users and ISP staff notice and take action. Then 3 weeks later, you come back, tanned and rested - and run another scan. If you find your spam backdoor on port 3127 *still* open on a machine, you can be fairly sure you can spam away with impunity - if the user and their ISP didn't notice the box spewing mail the FIRST time, they won't notice the second time.....

I doubt that the length of 3 is important. Based on my past experience "Then 3 weeks later" can be replaced by "Some time later when the cold is gone".