Message-ID: <MKEAIJIPCGAHEFEJGDOCKEGDLIAA.marc@eeye.com>
From: marc at eeye.com (Marc Maiffret)
Subject: Re: [normal] RE: Windows Dcom Worm planned DDoS

Everyone seems a little confused on the windowsupdate.com DDoS. It is a
rather moot point as it is easily fixable. They just need to remap it to
127.0.0.1 and all the SYNs will die on the local host of the infected
machine. Routing windowsupdate.com to 127.0.0.1 will not break anyone's
ability to get patches as "windowsupdate.com" is not directly used.

That is only a workaround for this single host attack though, in the end
everyone (even patched people) can get screwed by this flaw and new worms
until enough people have patched.

eEye Blaster Worm Analysis
http://www.eeye.com/html/Research/Advisories/AL20030811.html

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: full-disclosure-admin@...ts.netsys.com
| [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of martin f
| krafft
| Sent: Tuesday, August 12, 2003 9:27 AM
| To: full-disclosure@...ts.netsys.com
| Subject: [Full-Disclosure] Re: [normal] RE: Windows Dcom Worm planned
| DDoS
|
|
| also sprach martin f krafft <madduck@...duck.net> [2003.08.12.1654 +0200]:
| > Why on earth would you want to help protect Micro$oft's service?
| > Either they can deal with their crap themselves, or you should be
| > using proper software. I'll probably make sure to infect a couple of
| > computers on Saturday just for the sake of DoS'ing their site.
|
| And aside, we are talking about a SYN flood attack here, no? If
| Micro$oft can't deal with those, knowing of their advent, then they
| aren't worth being helped.
|
| --
| martin;              (greetings from the heart of the sun.)
|   \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@...duck
|
| invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
|
| tempt not a desperate man.
|                                                 -- william shakespeare
|

