Impending (mydoom) DOS attack

Mikael Abrahamsson swmike at swm.pp.se
Sat Jan 31 07:01:20 UTC 2004



;; ANSWER SECTION:
www.sco.com.            60      IN      A       216.250.128.12

As far as I can see, someone has taken precaution and lowered the TTL on 
www.sco.com to 60 seconds so any DoS attack towards www.sco.com can be 
hindered by them changing their DNS information. This won't stop any DoS in 
progress, or it might; I don't know if the worm will do repeated DNS 
resolves or only do it once and keep sending data to that IP until reboot.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se
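
The two client behaviours raised in the message above, modelled as an added example that is not part of the original post: a client that re-resolves through a TTL-honouring cache versus one that resolves once and keeps the address. The replacement address, the time of the record change and the one-packet-per-second sender are constructed assumptions.

```python
"""Constructed model: how a 60 s TTL bounds traffic to the old address after a DNS change."""

TTL = 60                    # seconds, as in the ANSWER SECTION quoted in the post
OLD_IP = "216.250.128.12"   # address shown in the post
NEW_IP = "192.0.2.10"       # constructed placeholder (TEST-NET-1)
CHANGE_AT = 100             # constructed: second at which the A record is swapped


def authoritative(now):
    """Answer the authoritative server would give at time `now`: (address, ttl)."""
    return (OLD_IP if now < CHANGE_AT else NEW_IP, TTL)


class CachingResolver:
    """Minimal TTL-honouring cache for a single name."""

    def __init__(self):
        self.addr = None
        self.expires = -1

    def resolve(self, now):
        # Ask upstream again only once the cached answer has expired.
        if now >= self.expires:
            self.addr, ttl = authoritative(now)
            self.expires = now + ttl
        return self.addr


def hits_on_old_ip(re_resolve, start=0, duration=600):
    """Seconds in which a client sending once per second still targets OLD_IP."""
    resolver = CachingResolver()
    pinned = resolver.resolve(start)          # the resolve-once client keeps this forever
    hits = 0
    for now in range(start, start + duration):
        target = resolver.resolve(now) if re_resolve else pinned
        hits += target == OLD_IP
    return hits


def last_stale_second(start, duration=600):
    """Last second at which a re-resolving client started at `start` hits OLD_IP."""
    resolver = CachingResolver()
    stale = [t for t in range(start, start + duration) if resolver.resolve(t) == OLD_IP]
    return stale[-1] if stale else None


if __name__ == "__main__":
    print("re-resolving client, seconds on old IP:", hits_on_old_ip(True))
    print("resolve-once client, seconds on old IP:", hits_on_old_ip(False))
    print("worst-case last stale second:", max(last_stale_second(s) for s in range(CHANGE_AT)))
```

In this model every re-resolving client has left the old address within one TTL of the change, while the resolve-once client never moves, which is the case where changing the record does not help.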



