North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: The impending DDoS storm
- From: McBurnett, Jim
- Date: Wed Aug 13 12:53:15 2003
But doesn't that mean the hacker won?
If you change the DNS and a user can not get to
windowsupdate, you just helped him create a better
DoS than he had...
From: Lloyd Taylor [mailto:firstname.lastname@example.org]
Sent: Wednesday, August 13, 2003 12:26 PM
To: Jack Bates
Subject: Re: The impending DDoS storm
Does anyone have any notion of what the Blaster worm will do if the
DNS lookup for "windowsupdate.com" returns NXDOMAIN? If it handles this
case by not sending any micreant love, might that not be the best way
to mitigate the potential damage?
On Wed, 13 Aug 2003, Jack Bates wrote:
> Date: Wed, 13 Aug 2003 11:10:13 -0500
> From: Jack Bates <email@example.com>
> To: Jason Frisvold <firstname.lastname@example.org>
> Cc: "Ingevaldson, Dan (ISS Atlanta)" <email@example.com>,
> Stephen J. Wilcox <firstname.lastname@example.org>, email@example.com
> Subject: Re: The impending DDoS storm
> On Wed, 2003-08-13 at 10:55, Ingevaldson, Dan (ISS Atlanta) wrote:
> >-Does one DNS lookup on "windowsupdate.com" and then uses the IP
> No, I wouldn't dream of setting windowsupdate.com to 127.0.0.1. Who in
> their right mind would do that?