Impending (mydoom) DOS attack

• Previous message (by thread): Impending (mydoom) DOS attack
• Next message (by thread): Impending (mydoom) DOS attack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I believe the only route to SCO comes via us, XO, to a customer of ours who
provides bandwidth to SCO.  We've been in contact with our customer and they
have been in contact with SCO, discussing precautions we can take.  I think
we're relaying the results of those discussions to our major peers.  Since
I'm not directly involved, I will say no more...but at least you know we
are trying to do something.. :)

I would gather that you are correct in that if SCO's site cannot be reached..
in a way that connections have to 'time out', it would reduce the volume of
traffic and the rate of packets.  Windows would be waiting for the SYN ACK
and not looping very quickly..

- Chris

-- 
Chris Behrens
Senior Software Architect
XO Communications



On Fri, Jan 30, 2004 at 04:18:03PM -0500, bcm wrote:
> Is anyone taking any special precautions given the potential for a sudden increase in aggregate packets per second across your networks come Sunday afternoon when the original Mydoom virus enters into its DOS phase?
> 
> Does anyone know if the virus' assault will be slowed if it is unable to reach www.sco.com?  I am hoping that if it cannot reach SCO's site that the HTTP GET command will be slow in returning, effectively reducing the volume of traffic a single PC is capable is generating.  I am having a difficult time artificially forcing the virus to start its attack in a lab environment, so I am unable to confirm this.
> 
> Any input would be appreciated.  Thanks!
> 

• Previous message (by thread): Impending (mydoom) DOS attack
• Next message (by thread): Impending (mydoom) DOS attack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]