lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <NDBBKKOCALIBPMFFNMEMGEMGEIAA.cseagle@redshift.com> From: cseagle at redshift.com (Chris Eagle) Subject: MSBlast DDoS The DDoS packets should go straight to your firewall. They are raw IP packets crafted with the windowsupdate.com ip address as the destination, not that of your proxy server, so they should be sent to your gateway device. The source IP is randomized in various ways so probably won't appear to originate from within your network. The source MAC should be traceable back to the infected machine however. Chris -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Jasper Blackwell Sent: Wednesday, August 13, 2003 12:03 AM To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] MSBlast DDoS Does anyone know if the DoS which works on port 80, according to the Eeye advisory, is going to go through the proxy servers or just straight to the firewall? I would guess it will go through the proxy servers. Also any clues what to look for on the firewall logs? Again if it goes through the proxy servers I suppose looking for a lot of traffic from our proxies to the windows update site, using TCP traffic. Jasp
Powered by blists - more mailing lists