Home page logo

nanog logo nanog mailing list archives

Re: The impending DDoS storm
From: Jason Frisvold <friz () corp ptd net>
Date: Wed, 13 Aug 2003 13:46:45 -0400

If the blaster cannot get a proper DNS response, it continues to
replicate via port 135... It then goes into a retry cycle and continues
to try to get a good DNS lookup.

On Wed, 2003-08-13 at 12:25, Lloyd Taylor wrote:
Does anyone have any notion of what the Blaster worm will do if the
DNS lookup for "windowsupdate.com" returns NXDOMAIN?  If it handles this
case by not sending any micreant love, might that not be the best way
to mitigate the potential damage?


On Wed, 13 Aug 2003, Jack Bates wrote:

Date: Wed, 13 Aug 2003 11:10:13 -0500
From: Jack Bates <jbates () brightok net>
To: Jason Frisvold <friz () corp ptd net>
Cc: "Ingevaldson, Dan (ISS Atlanta)" <dsi () iss net>,
     Stephen J. Wilcox <steve () telecomplete co uk>, nanog () merit edu
Subject: Re: The impending DDoS storm

On Wed, 2003-08-13 at 10:55, Ingevaldson, Dan (ISS Atlanta) wrote:
-Does one DNS lookup on "windowsupdate.com" and then uses the IP

No, I wouldn't dream of setting windowsupdate.com to Who in 
their right mind would do that?


Jason H. Frisvold
Backbone Engineering Supervisor
Penteledata Engineering
friz () corp ptd net
RedHat Engineer - RHCE # 807302349405893
Cisco Certified - CCNA # CSCO10151622
MySQL Core Certified - ID# 205982910
"Imagination is more important than knowledge.
Knowledge is limited. Imagination encircles
the world."
      -- Albert Einstein [1879-1955]

Attachment: signature.asc
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]