The impending DDoS storm

• Previous message (by thread): The impending DDoS storm
• Next message (by thread): The impending DDoS storm
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

But doesn't that mean the hacker won?
If you change the DNS and a user can not get to 
windowsupdate, you just helped him create a better
DoS than he had...


J

-----Original Message-----
From: Lloyd Taylor [mailto:ltaylor at keynote.com]
Sent: Wednesday, August 13, 2003 12:26 PM
To: Jack Bates
Cc: nanog at merit.edu
Subject: Re: The impending DDoS storm



Does anyone have any notion of what the Blaster worm will do if the
DNS lookup for "windowsupdate.com" returns NXDOMAIN?  If it handles this
case by not sending any micreant love, might that not be the best way
to mitigate the potential damage?

--Lloyd

On Wed, 13 Aug 2003, Jack Bates wrote:

> Date: Wed, 13 Aug 2003 11:10:13 -0500
> From: Jack Bates <jbates at brightok.net>
> To: Jason Frisvold <friz at corp.ptd.net>
> Cc: "Ingevaldson, Dan (ISS Atlanta)" <dsi at iss.net>,
>      Stephen J. Wilcox <steve at telecomplete.co.uk>, nanog at merit.edu
> Subject: Re: The impending DDoS storm
> 
> 
> On Wed, 2003-08-13 at 10:55, Ingevaldson, Dan (ISS Atlanta) wrote:
> >-Does one DNS lookup on "windowsupdate.com" and then uses the IP
> 
> No, I wouldn't dream of setting windowsupdate.com to 127.0.0.1. Who in 
> their right mind would do that?
> 
> -Jack
> 

-- 

• Previous message (by thread): The impending DDoS storm
• Next message (by thread): The impending DDoS storm
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]