Full Disclosure mailing list archives

MS should point windowsupdate.com to 127.0.0.1

From: Tobias Oetiker <oetiker () ee ethz ch>
Date: Fri, 15 Aug 2003 00:14:56 +0200 (MEST)

Folks,

How about MS standing up for the mess, and changing their own DNS
to point all request for windowsupdate.com and whatnot to 127.0.01 ?

This will null the effect of the syn flood very effectively. Only
proxies will be affected.

As far as I see it, they will not be able to use these names
productively for the foreseeable future anyways ...

So they will have to issue an update for windows-updater thourgh
other channels (like their homepage for example) to point it to a
different web-site .. that should not be all that much of a
problem.

If MS does NOT make this change to their DNS, I can see many
routers who are trying to track connections toppling over in
interesting ways.

Because the local techs have no clue, it will
take the affected companies ages to get back on the net.

tobi
-- 
 ______    __   _
/_  __/_  / /  (_) Oetiker @ ISG.EE, ETZ J97, ETH, CH-8092 Zurich
 / // _ \/ _ \/ /  System Manager, Time Lord, Coder, Designer, Coach
/_/ \.__/_.__/_/   http://people.ee.ethz.ch/~oetiker   +41(0)1-632-5286
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

msblast DDos counter measures B3r3n (Aug 14)
- MS should point windowsupdate.com to 127.0.0.1 Tobias Oetiker (Aug 14)
  - RE: MS should point windowsupdate.com to 127.0.0.1 Jeroen Massar (Aug 14)
    - RE: MS should point windowsupdate.com to 127.0.0.1 Steffen Kluge (Aug 15)
- RE: msblast DDos counter measures Marc Maiffret (Aug 14)
  - RE: msblast DDos counter measures Laurent LEVIER (Aug 15)