Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Good Job, White House!

  • From: Christopher A. Woodfield
  • Date: Tue Jul 24 11:57:47 2001

Actually, what they did was disgustingly simple - it was observed that (1) 
the IP address, not the hostname, of www1.whitehouse.gov was hardcoded 
into the worm, and (2) the worm made a connection to port 80 on that IP 
address to make sure the host was live before launching the DoS.

Given these two weaknesses, all that the whitehouse.gov admins had to do 
was move the server to a different IP, and nullroute the old IP. The worm 
tried to contact the old IP, couldn't open a socket, and quietly went 
dormant.

I would expect that the next worm of this type will have neither of these 
vulnerabilities.

-C

> 
> I'm personally more pleased with the network operators that dealt with the
> problem.  Thanks, Guys!  I'm not exactly sure what the White House did.
> 
-- 
---------------------------
Christopher A. Woodfield		rekoil@semihuman.com

PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.