Impending (mydoom) DOS attack

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sat Jan 31 22:31:03 UTC 2004


On Sat, 31 Jan 2004 18:24:42 GMT, "Stephen J. Wilcox" said:
> I'm not sure what the point of the DoS is if it's intended to be a spam engine,
> that would have the effect of helping to identify and hence clean up the 
> infections.

Ahh.. you didn't take the time to think it through. ;)

Consider - the perpetrator releases a *very* noisy worm with a DDoS engine
on it (admittedly buggy).  Then you go on vacation someplace warm and sunny,
where visually attractive people of your preferred gender are walking around
wearing a lot more than you need to wear where you were...

Computers catch it.  Computers spew it.  Computers do their DDoS tapdance.
Hopefully users and ISP staff notice and take action.

Then 3 weeks later, you come back, tanned and rested - and run another
scan.  If you find your spam backdoor on port 3127 *still* open on a
machine, you can be fairly sure you can spam away with impunity - if the
user and their ISP didn't notice the box spewing mail the FIRST time, they
won't notice the second time.....

