| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Aug 2003 04:30:47 -0700 From: "Chris Eagle" <cseagle@...shift.com> To: "Andrew Thomas" <andrewt@....co.za>, <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com> Subject: RE: Windows Dcom Worm planned DDoS The IP is not hard coded. It does a lookup on "windowsupdate.com" Chris -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Andrew Thomas Sent: Tuesday, August 12, 2003 3:00 AM To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] Windows Dcom Worm planned DDoS Hi, The examinations of the code so far indicate that the worm is coded to DoS the windowsupdate site from the 15th of August onwards through the end of the year. I haven't seen anything mentioning whether or not the IP is hardcoded. If not, shouldn't Microsoft just set the forward resolve to 127.0.0.1 for a period of time? That will probably save many, many $'s of wasted traffic. -- Andrew G. Thomas Hobbs & Associates Chartered Accountants (SA) (o) +27-(0)21-683-0500 (f) +27-(0)21-683-0577 (m) +27-(0)83-318-4070 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists