lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY7-F53Aeh9bw3s3dH00043072@hotmail.com>
From: jasper599 at hotmail.com (Jasper Blackwell)
Subject: MSBlast DDoS

Hi All,

I should have kept on reading the list after TC's post and I would have 
found the answer to my question, doh :). It's early here and I hadn't had 
any caffine yet, always a bad idea trying to think before my morning caffine 
:).

Anyway another question for you all. We are having some success here 
tracking infected machines by looking for dropped 135 connection attempts to 
Internet IP addresses on our Internet firewall log. I am wondering what the 
DoS traffic is going to look like on our firewall logs should any infections 
still be with us on the 16th. Our setup requires PCs to connect to the 
Internet through proxy servers and those proxy servers IP addresses are 
allowed through the firewall, the PC's IP address ranges are not.

Does anyone know if the DoS which works on port 80, according to the Eeye 
advisory, is going to go through the proxy servers or just straight to the 
firewall? I would guess it will go through the proxy servers.

Also any clues what to look for on the firewall logs? Again if it goes 
through the proxy servers I suppose looking for a lot of traffic from our 
proxies to the windows update site, using TCP traffic.

Jasp

_________________________________________________________________
Hotmail messages direct to your mobile phone http://www.msn.co.uk/msnmobile


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ