|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: The impending DDoS storm
If the blaster cannot get a proper DNS response, it continues to replicate via port 135... It then goes into a retry cycle and continues to try to get a good DNS lookup. On Wed, 2003-08-13 at 12:25, Lloyd Taylor wrote: > Does anyone have any notion of what the Blaster worm will do if the > DNS lookup for "windowsupdate.com" returns NXDOMAIN? If it handles this > case by not sending any micreant love, might that not be the best way > to mitigate the potential damage? > > --Lloyd > > On Wed, 13 Aug 2003, Jack Bates wrote: > > > Date: Wed, 13 Aug 2003 11:10:13 -0500 > > From: Jack Bates <[email protected]> > > To: Jason Frisvold <[email protected]> > > Cc: "Ingevaldson, Dan (ISS Atlanta)" <[email protected]>, > > Stephen J. Wilcox <[email protected]>, [email protected] > > Subject: Re: The impending DDoS storm > > > > > > On Wed, 2003-08-13 at 10:55, Ingevaldson, Dan (ISS Atlanta) wrote: > > >-Does one DNS lookup on "windowsupdate.com" and then uses the IP > > > > No, I wouldn't dream of setting windowsupdate.com to 127.0.0.1. Who in > > their right mind would do that? > > > > -Jack > > -- --------------------------- Jason H. Frisvold Backbone Engineering Supervisor Penteledata Engineering [email protected] RedHat Engineer - RHCE # 807302349405893 Cisco Certified - CCNA # CSCO10151622 MySQL Core Certified - ID# 205982910 --------------------------- "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955] Attachment:
signature.asc
|