The IP is not hard coded. It does a lookup on "windowsupdate.com"

Chris

-----Original Message-----
From: full-disclosure-adminat_private [mailto:full-disclosure-adminat_private]On Behalf Of Andrew Thomas
Sent: Tuesday, August 12, 2003 3:00 AM
To: bugtraqat_private; full-disclosureat_private
Subject: [Full-Disclosure] Windows Dcom Worm planned DDoS

Hi,

The examinations of the code so far indicate that the worm is coded to DoS the windowsupdate site from the 15th of August onwards through the end of the year.

I haven't seen anything mentioning whether or not the IP is hardcoded. If not, shouldn't Microsoft just set the forward resolve to 127.0.0.1 for a period of time? That will probably save many, many $'s of wasted traffic.

--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 04:57:22 PDT