| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200308130506.h7D56336006588@techmonkeys.org> Date: Wed, 13 Aug 2003 01:06:11 -0400 From: "Wcc" <wcc@...hmonkeys.org> To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com> Subject: RE: Windows Dcom Worm planned DDoS > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Andrew Thomas > Sent: Tuesday, August 12, 2003 6:00 AM > To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com > Subject: [Full-Disclosure] Windows Dcom Worm planned DDoS > > Hi, > > The examinations of the code so far indicate that the worm is > coded to DoS the windowsupdate site from the 15th of August > onwards through the end of the year. > > I haven't seen anything mentioning whether or not the IP is > hardcoded. If not, shouldn't Microsoft just set the forward > resolve to 127.0.0.1 for a period of time? > > That will probably save many, many $'s of wasted traffic. True, and if the IP is hardcoded, then the machine can just be assigned new IPs (and the others nulled), and operation would continue as normal. > -- > Andrew G. Thomas > Hobbs & Associates Chartered Accountants (SA) > (o) +27-(0)21-683-0500 > (f) +27-(0)21-683-0577 > (m) +27-(0)83-318-4070 Wcc _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists