|
Full Disclosure
mailing list archives
RE: DDoS on the 16th - Fail if no DNS resolution?
From: "Chris Eagle" <cseagle () redshift com>
Date: Wed, 13 Aug 2003 20:05:15 -0700
It uses the user's default locale for time.
here is the code snippet:
GetDateFormat(LOCALE_USER_DEFAULT, 0, NULL, "d", day, 3);
GetDateFormat(LOCALE_USER_DEFAULT, 0, NULL, "M", mon, 3);
if (atoi(day) > 15 || atoi(mon) > 8) {
CreateThread(NULL, 0, SynFlood, NULL, 0, &temp);
}
Also, it only checks the date one time, at start up. If the worm is running
at midnight on the 15/16, it will NOT initiate the DDoS. It would have to
be shutdown and restarted again within the desired time window.
Chris
-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Darren Reed
Sent: Wednesday, August 13, 2003 6:17 PM
To: Jason Witty
Cc: Full-Disclosure () lists netsys com
Subject: Re: [Full-disclosure] DDoS on the 16th - Fail if no DNS
resolution?
In some mail from Jason Witty, sie said:
All,
Has anyone tested this worm yet to see what it'll do if you set up an
internal DNS entry for windowsupdate.com to point to a black hole address
(127.0.0.1 for example) and then set the system clock to be August 16th
(this Saturday)?
Just to flip back to the 15th/16th thing, the significant thing here is
if it is using localtime vs GMT time then it will be the 16th in some
parts of the world before others...eg the West coast of USA is 7 hours
ahead of the East coast of Australia, but a day behind, so come 00:01
Saturday the 16th in Australia, it'll be 7:01am in Seattle on Friday the
15th...
Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
- RE: DDoS on the 16th - Fail if no DNS resolution?, (continued)
|
Intro
