> -----Original Message----- > From: full-disclosure-adminat_private > [mailto:full-disclosure-adminat_private] On Behalf Of > Andrew Thomas > Sent: Tuesday, August 12, 2003 6:00 AM > To: bugtraqat_private; full-disclosureat_private > Subject: [Full-Disclosure] Windows Dcom Worm planned DDoS > > Hi, > > The examinations of the code so far indicate that the worm is > coded to DoS the windowsupdate site from the 15th of August > onwards through the end of the year. > > I haven't seen anything mentioning whether or not the IP is > hardcoded. If not, shouldn't Microsoft just set the forward > resolve to 127.0.0.1 for a period of time? > > That will probably save many, many $'s of wasted traffic. True, and if the IP is hardcoded, then the machine can just be assigned new IPs (and the others nulled), and operation would continue as normal. > -- > Andrew G. Thomas > Hobbs & Associates Chartered Accountants (SA) > (o) +27-(0)21-683-0500 > (f) +27-(0)21-683-0577 > (m) +27-(0)83-318-4070 Wcc _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 23:03:20 PDT