Message-ID: <754CEE031012D411A3EF08000627B2FA02C94322@pdbnt03.pdb.flextronics.com>
From: Roland.Arendes at de.flextronics.com (Roland Arendes)
Subject: DDos counter measures

As far as I can see, Microsoft already fixed the situation; there won't be
any DDoS. Can someone confirm this?
The DNS record of windowsupdate.com is empty/deleted.

To your question: this 127.0.0.1 thing is a very bad idea, because the worm
will use spoofed source IP addresses from your local network. The machine
itself (127.0.0.1) will flood RST packets, because of the closed port, through
your local network (nice thing ;)

And no: windowsupdate.microsoft.com is not needed, as it is not resolved by
the worm.

> -----Original Message-----
> From: vogt@...senet.com [mailto:vogt@...senet.com] 
> Sent: Friday, 15 August 2003 09:43
> To: llevier@...osnet.com; full-disclosure@...ts.netsys.com
> Subject: AW: [Full-Disclosure] DDos counter measures
> 
> 
> > Since our IntraNet solves all its DNS queries through internal caches
> > (mandatory bottleneck), we created windowsupdate.com &
> > windowsupdate.microsoft.com zones in this bottleneck DNS. These are
> > resolving to 127.0.0.1 with DNS wildcards.
> 
> Is it necessary to add windowsupdate.microsoft.com to this? 
> So far, all analysis indicated that it attacks 
> windowsupdate.com, the old legacy site. Or did I miss something?
> 
> 
> best regards / mit freundlichen Gruessen,
> 
> Tom Vogt
> Hansenet Webfarm Security 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
