> From: Chris Eagle [mailto:cseagleat_private]
> Sent: 12 August 2003 01:31
> Subject: RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
>
>
> The IP is not hard coded. It does a lookup on "windowsupdate.com"

Allowing the option for corporates and/or ISPs to DNS poison that to
resolve to 127.0.0.1, or even DNS race with tools like team teso's if
one doesn't use internal/caching NS. Might save some traffic on
15 August.

Alternatively, route all traffic to the resolved IP addresses to /dev/null,
but with the above, the traffic shouldn't even leave the machine in
question.

--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
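
The resolver-side override suggested in the message above, as an added example that is not part of the original post: a shell helper that writes a BIND zone answering 127.0.0.1 for a name on an internal caching resolver. The function names, file names and output directory are assumptions, and the wildcard record goes slightly beyond the message by also covering names beneath the zone.

```shell
#!/bin/sh
# Added example: generate a BIND sinkhole zone that answers 127.0.0.1
# for a name and everything beneath it. File names are assumptions.

# write_sinkhole OUTDIR ZONE
#   Writes OUTDIR/db.sinkhole (zone data) and OUTDIR/sinkhole.conf
#   (a zone stanza to include from named.conf on the internal resolver).
write_sinkhole() {
    outdir=$1
    zone=$2
    # Accept only plain DNS name characters, so the value cannot break
    # out of the quoted string in the generated stanza.
    case $zone in
        ''|*[!A-Za-z0-9.-]*) echo "bad zone name: $zone" >&2; return 1 ;;
    esac
    mkdir -p "$outdir" || return 1

    # Short TTL so clients pick up the real records soon after the
    # override is removed.
    cat > "$outdir/db.sinkhole" <<'EOF'
$TTL 300
@   IN SOA localhost. root.localhost. (
        1       ; serial
        3600    ; refresh
        900     ; retry
        604800  ; expire
        300 )   ; negative-cache TTL
    IN NS  localhost.
    IN A   127.0.0.1
*   IN A   127.0.0.1
EOF

    cat > "$outdir/sinkhole.conf" <<EOF
zone "$zone" {
    type master;
    file "$outdir/db.sinkhole";
};
EOF
}

# check_sinkhole OUTDIR ZONE
#   Syntax-checks the zone data when the BIND tools are installed.
check_sinkhole() {
    command -v named-checkzone >/dev/null 2>&1 || return 0
    named-checkzone -q "$2" "$1/db.sinkhole"
}
```

While the zone is loaded, every client of that resolver gets 127.0.0.1 for the name, including clients with a legitimate reason to reach it, so the override should be removed once the traffic it was meant to stop has passed.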
This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 05:55:34 PDT