On Tue, 24 Jul 2001, Felix Harris wrote: > > 1) The Internet has a limited number of root name > > servers. > I'm going to make a stab in the dark, but this also assumes that > nameservers don't cache translations, and by nameservers I mean > the ones on ISPs and localhosts around the world. This would > mean that a DoS would have to operate until the cache expired, by > which time the attacking hosts could have been filtered, or the root > nameservers could have been kicked. Actually, a rather nasty thing to do, would have been to set the worm up to attack www.microsoft.com. If my guess is right, that site uses the same pipe as support.microsoft.com or windowsupdate.microsoft.com. Had the person done this, it would have effectly used microsoft's own bug against it, and would have caused a big problem: how are the people supposed to obtain the patch if the site holding the patch gets hosed? It's a scarry thought, but funny one: A DDOS by microsoft's own software against itself. - Lynn
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 11:55:33 PDT