MicroSoft amplification?

Brandon Ross bross at netrail.net
Wed Aug 1 18:11:17 UTC 2001 

So with all the noise about Code Red, and in the process of trying to
recover from various attacks, I happened to try to ping
www.microsoft.com.  It's probably par for the course that this happens:

Wed Aug  1 14:05:29 bross at ogre:~ $ ping www.microsoft.com
PING www.microsoft.akadns.net (207.46.197.100): 56 data bytes
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=37.5 ms
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=41.2 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=42.8 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=43.9 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=45.0 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=46.1 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=47.3 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=48.4 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=49.5 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=57.6 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=39.8 ms
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=41.4 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=42.7 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=43.3 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=44.4 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=45.5 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=46.8 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=47.9 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=49.0 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=51.6 ms (DUP!)
64 bytes from 207.46.197.100: icmp_seq=3 ttl=45 time=39.6 ms

I find it interesting and almost amusing that MicroSoft's own web server
can be used for amplification attacks.

-- 
Brandon Ross                                                 404-522-5400
EVP Engineering, NetRail                           http://www.netrail.net
AIM:  BrandonNR                                             ICQ:  2269442
Read RFC 2644!

More information about the NANOG mailing list