rpc dcom worm and windowsupdate

From: Oliver.Gruskovnjakat_private
Date: Wed Aug 13 2003 - 02:03:54 PDT

Next message: Alan B. Clegg: "Re: Blasting Blaster.Worm (aka LovSan Virus)"

Previous message: Eric Hines: "RE: Blasting Blaster.Worm (aka LovSan Virus)"
Next in thread: Compton, Rich: "RE: rpc dcom worm and windowsupdate"
Reply: Compton, Rich: "RE: rpc dcom worm and windowsupdate"
Reply: Flowers, Katie: "RE: rpc dcom worm and windowsupdate"
Reply: Jay Woody: "Re: rpc dcom worm and windowsupdate"
Reply: Alon Tirosh: "FW: rpc dcom worm and windowsupdate"
Reply: Steffen Kluge: "Re: rpc dcom worm and windowsupdate"
Reply: Zach Forsyth: "RE: rpc dcom worm and windowsupdate"
Reply: Tim: "Re: rpc dcom worm and windowsupdate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey guys,

Ok our company is owned by the msblaster worm, now we would like to keep the
ddos attack under control.
Our Idea is, that we can make that one of our proxies will identify himself
as windowsupdate.com.

Now my question is, is the Worm looking for windowsupdate.com per Lookup or
has it a fix ip in the Source ?
Does someone know anything ?
Haves some the sorce :)

PS:
What are you doing against it ?


regards

Gruskovnjak Oliver 
----------------------------------------------------------------------------
------
Bundesamt für Informatik und Telekommunikation BIT 
Bereitstellung Netzdienste / BZBN
Monbijoustrasse 74 
3003 Bern 
----------------------------------------------------------------------------
------
Tel. +41 (0) 31 323 89 84
Fax +41 (0) 31 325 90 30 
----------------------------------------------------------------------------
------
SMTP: oliver.gruskovnjakat_private

WEB: www.bit.admin.ch
----------------------------------------------------------------------------
------


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Alan B. Clegg: "Re: Blasting Blaster.Worm (aka LovSan Virus)"
Previous message: Eric Hines: "RE: Blasting Blaster.Worm (aka LovSan Virus)"
Next in thread: Compton, Rich: "RE: rpc dcom worm and windowsupdate"
Reply: Compton, Rich: "RE: rpc dcom worm and windowsupdate"
Reply: Flowers, Katie: "RE: rpc dcom worm and windowsupdate"
Reply: Jay Woody: "Re: rpc dcom worm and windowsupdate"
Reply: Alon Tirosh: "FW: rpc dcom worm and windowsupdate"
Reply: Steffen Kluge: "Re: rpc dcom worm and windowsupdate"
Reply: Zach Forsyth: "RE: rpc dcom worm and windowsupdate"
Reply: Tim: "Re: rpc dcom worm and windowsupdate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 07:53:16 PDT