Message-ID: <BAY7-F53Aeh9bw3s3dH00043072@hotmail.com>
From: jasper599 at hotmail.com (Jasper Blackwell)
Subject: MSBlast DDoS
Hi All,
I should have kept on reading the list after TC's post and I would have
found the answer to my question, doh :). It's early here and I hadn't had
any caffeine yet, always a bad idea trying to think before my morning caffeine
:).
Anyway another question for you all. We are having some success here
tracking infected machines by looking for dropped 135 connection attempts to
Internet IP addresses on our Internet firewall log. I am wondering what the
DoS traffic is going to look like on our firewall logs should any infections
still be with us on the 16th. Our setup requires PCs to connect to the
Internet through proxy servers and those proxy servers' IP addresses are
allowed through the firewall, the PC's IP address ranges are not.
Does anyone know if the DoS which works on port 80, according to the eEye
advisory, is going to go through the proxy servers or just straight to the
firewall? I would guess it will go through the proxy servers.
Also any clues what to look for on the firewall logs? Again if it goes
through the proxy servers I suppose looking for a lot of traffic from our
proxies to the Windows Update site, using TCP traffic.
Jasp