lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <NDBBKKOCALIBPMFFNMEMMELAEIAA.cseagle@redshift.com>
Date: Tue, 12 Aug 2003 04:30:47 -0700
From: "Chris Eagle" <cseagle@...shift.com>
To: "Andrew Thomas" <andrewt@....co.za>, <bugtraq@...urityfocus.com>,
   <full-disclosure@...ts.netsys.com>
Subject: RE: Windows Dcom Worm planned DDoS


The IP is not hard coded.  It does a lookup on "windowsupdate.com"

Chris

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Andrew
Thomas
Sent: Tuesday, August 12, 2003 3:00 AM
To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Windows Dcom Worm planned DDoS


Hi,

The examinations of the code so far indicate that the worm is 
coded to DoS the windowsupdate site from the 15th of August 
onwards through the end of the year.

I haven't seen anything mentioning whether or not the IP is
hardcoded. If not, shouldn't Microsoft just set the forward
resolve to 127.0.0.1 for a period of time?

That will probably save many, many $'s of wasted traffic.

--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ