MicroSoft amplification?
Brandon Ross
bross at netrail.net
Wed Aug 1 18:11:17 UTC 2001
So with all the noise about Code Red, and in the process of trying to
recover from various attacks, I happened to try to ping
www.microsoft.com. It's probably par for the course that this happens:
Wed Aug 1 14:05:29 bross at ogre:~ $ ping www.microsoft.com
PING www.microsoft.akadns.net (207.46.197.100): 56 data bytes
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=37.5 ms
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=41.2 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=42.8 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=43.9 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=45.0 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=46.1 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=47.3 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=48.4 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=49.5 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=57.6 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=39.8 ms
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=41.4 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=42.7 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=43.3 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=44.4 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=45.5 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=46.8 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=47.9 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=49.0 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=51.6 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=3 ttl=45 time=39.6 ms
I find it interesting and almost amusing that MicroSoft's own web server
can be used for amplification attacks.
--
Brandon Ross 404-522-5400
EVP Engineering, NetRail http://www.netrail.net
AIM: BrandonNR ICQ: 2269442
Read RFC 2644!
More information about the NANOG
mailing list