The impending DDoS storm
Jason Frisvold
friz at corp.ptd.net
Wed Aug 13 17:46:45 UTC 2003
If the blaster cannot get a proper DNS response, it continues to
replicate via port 135... It then goes into a retry cycle and continues
to try to get a good DNS lookup.
On Wed, 2003-08-13 at 12:25, Lloyd Taylor wrote:
> Does anyone have any notion of what the Blaster worm will do if the
> DNS lookup for "windowsupdate.com" returns NXDOMAIN? If it handles this
> case by not sending any micreant love, might that not be the best way
> to mitigate the potential damage?
>
> --Lloyd
>
> On Wed, 13 Aug 2003, Jack Bates wrote:
>
> > Date: Wed, 13 Aug 2003 11:10:13 -0500
> > From: Jack Bates <jbates at brightok.net>
> > To: Jason Frisvold <friz at corp.ptd.net>
> > Cc: "Ingevaldson, Dan (ISS Atlanta)" <dsi at iss.net>,
> > Stephen J. Wilcox <steve at telecomplete.co.uk>, nanog at merit.edu
> > Subject: Re: The impending DDoS storm
> >
> >
> > On Wed, 2003-08-13 at 10:55, Ingevaldson, Dan (ISS Atlanta) wrote:
> > >-Does one DNS lookup on "windowsupdate.com" and then uses the IP
> >
> > No, I wouldn't dream of setting windowsupdate.com to 127.0.0.1. Who in
> > their right mind would do that?
> >
> > -Jack
> >
--
---------------------------
Jason H. Frisvold
Backbone Engineering Supervisor
Penteledata Engineering
friz at corp.ptd.net
RedHat Engineer - RHCE # 807302349405893
Cisco Certified - CCNA # CSCO10151622
MySQL Core Certified - ID# 205982910
---------------------------
"Imagination is more important than knowledge.
Knowledge is limited. Imagination encircles
the world."
-- Albert Einstein [1879-1955]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030813/26d852e5/attachment.sig>
More information about the NANOG
mailing list