lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Aug 2003 13:37:15 +0200 From: "Andrew Thomas" <andrewt@....co.za> To: "'Chris Eagle'" <cseagle@...shift.com>, <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com> Subject: RE: Windows Dcom Worm planned DDoS > From: Chris Eagle [mailto:cseagle@...shift.com] > Sent: 12 August 2003 01:31 > Subject: RE: [Full-Disclosure] Windows Dcom Worm planned DDoS > > > The IP is not hard coded. It does a lookup on "windowsupdate.com" Allowing the option for corporates and/or isp's to dns poison that to resolve to 127.0.0.1, or even dns race with tools like team teso's if one doesn't use internal/cacheing NS. Might save some traffic on 15 August. Alternative, route all traffic to the resolved IP addresses to /dev/null, but with the above, the traffic shouldn't even leave the machine in question. -- Andrew G. Thomas Hobbs & Associates Chartered Accountants (SA) (o) +27-(0)21-683-0500 (f) +27-(0)21-683-0577 (m) +27-(0)83-318-4070 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists