[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <001001c360b8$834ee2e0$0101a8c0@gfserver>
Date: Tue, 12 Aug 2003 12:00:01 +0200
From: "Andrew Thomas" <andrewt@....co.za>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>
Subject: Windows Dcom Worm planned DDoS
Hi,
The examinations of the code so far indicate that the worm is
coded to DoS the windowsupdate site from the 15th of August
onwards through the end of the year.
I haven't seen anything mentioning whether or not the IP is
hardcoded. If not, shouldn't Microsoft just set the forward
resolve to 127.0.0.1 for a period of time?
That will probably save many, many $'s of wasted traffic.
--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists