From: jasper599 at hotmail.com (Jasper Blackwell)
Subject: MSBlast DDoS

Hi All,

I should have kept on reading the list after TC's post and I would have 
found the answer to my question, doh :). It's early here and I hadn't had 
any caffeine yet, always a bad idea trying to think before my morning caffeine 
:).

Anyway another question for you all. We are having some success here 
tracking infected machines by looking for dropped 135 connection attempts to 
Internet IP addresses on our Internet firewall log. I am wondering what the 
DoS traffic is going to look like on our firewall logs should any infections 
still be with us on the 16th. Our setup requires PCs to connect to the 
Internet through proxy servers and those proxy servers' IP addresses are 
allowed through the firewall, the PCs' IP address ranges are not.

Does anyone know if the DoS which works on port 80, according to the eEye 
advisory, is going to go through the proxy servers or just straight to the 
firewall? I would guess it will go through the proxy servers.

Also any clues what to look for on the firewall logs? Again if it goes 
through the proxy servers I suppose looking for a lot of traffic from our 
proxies to the Windows Update site, using TCP traffic.

Jasp
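
The tracking approach described in the message above (dropped port 135 connection attempts from internal PCs to Internet addresses), as an added example that is not part of the original post. The log line format, the address ranges, the proxy address and the three-destination threshold are all assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions: internal PC range and the proxy allowed through the firewall.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
PROXIES = {ipaddress.ip_address("10.0.0.10")}
# Assumed iptables-style log format; adapt the pattern to your firewall.
LINE_RE = re.compile(
    r"\b(?P<action>DROP|ACCEPT)\b.*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)

def suspect_hosts(lines, min_targets=3):
    """Map each internal, non-proxy source to the number of distinct Internet
    addresses it was dropped trying to reach on TCP/135 (>= min_targets)."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or (m["action"], m["proto"], m["dpt"]) != ("DROP", "TCP", "135"):
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address field, skip the line
        src_inside = any(src in net for net in INTERNAL_NETS)
        dst_inside = any(dst in net for net in INTERNAL_NETS)
        if src_inside and src not in PROXIES and not dst_inside:
            targets[str(src)].add(dst)  # a set, so repeats count once
    return {h: len(d) for h, d in targets.items() if len(d) >= min_targets}

def make_line(action, src, dst, proto, dpt):
    return (f"Aug 14 09:12:01 fw kernel: {action} IN=eth1 OUT=eth0 "
            f"SRC={src} DST={dst} PROTO={proto} SPT=1045 DPT={dpt}")

# Constructed sample log (documentation address ranges as Internet targets).
SAMPLE_LOG = [make_line(*f) for f in [
    ("DROP", "10.1.4.23", "203.0.113.7", "TCP", 135),
    ("DROP", "10.1.4.23", "203.0.113.8", "TCP", 135),
    ("DROP", "10.1.4.23", "198.51.100.20", "TCP", 135),
    ("DROP", "10.1.4.23", "203.0.113.7", "TCP", 135),   # repeat destination
    ("DROP", "10.1.9.5", "192.0.2.44", "TCP", 135),     # single destination
    ("DROP", "10.1.9.5", "192.0.2.45", "UDP", 135),     # not TCP
    ("DROP", "10.1.7.7", "10.2.0.5", "TCP", 135),       # internal destination
    ("ACCEPT", "10.0.0.10", "192.0.2.80", "TCP", 80),   # proxy web traffic
]]

if __name__ == "__main__":
    print(suspect_hosts(SAMPLE_LOG))
```

Counting distinct destinations rather than raw drops separates a host sweeping many addresses from one that keeps retrying a single address.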


