lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200308130506.h7D56336006588@techmonkeys.org>
From: wcc at techmonkeys.org (Wcc)
Subject: Windows Dcom Worm planned DDoS

 

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Andrew Thomas
> Sent: Tuesday, August 12, 2003 6:00 AM
> To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Windows Dcom Worm planned DDoS
> 
> Hi,
> 
> The examinations of the code so far indicate that the worm is 
> coded to DoS the windowsupdate site from the 15th of August 
> onwards through the end of the year.
> 
> I haven't seen anything mentioning whether or not the IP is
> hardcoded. If not, shouldn't Microsoft just set the forward
> resolve to 127.0.0.1 for a period of time?
> 
> That will probably save many, many $'s of wasted traffic.

True, and if the IP is hardcoded, then the machine can just
be assigned new IPs (and the others nulled), and operation would continue as
normal.  

> --
> Andrew G. Thomas
> Hobbs & Associates Chartered Accountants (SA)
> (o) +27-(0)21-683-0500
> (f) +27-(0)21-683-0577
> (m) +27-(0)83-318-4070 

Wcc

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ