[60502] in North American Network Operators' Group
RE: The impending DDoS storm
daemon@ATHENA.MIT.EDU (McBurnett, Jim)
Wed Aug 13 12:51:46 2003
Date: Wed, 13 Aug 2003 12:51:12 -0400
From: "McBurnett, Jim" <jmcburnett@msmgmt.com>
To: "Lloyd Taylor" <ltaylor@keynote.com>,
"Jack Bates" <jbates@brightok.net>
Cc: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
But doesn't that mean the hacker won?
If you change the DNS and a user can not get to=20
windowsupdate, you just helped him create a better
DoS than he had...
J
-----Original Message-----
From: Lloyd Taylor [mailto:ltaylor@keynote.com]
Sent: Wednesday, August 13, 2003 12:26 PM
To: Jack Bates
Cc: nanog@merit.edu
Subject: Re: The impending DDoS storm
Does anyone have any notion of what the Blaster worm will do if the
DNS lookup for "windowsupdate.com" returns NXDOMAIN? If it handles this
case by not sending any micreant love, might that not be the best way
to mitigate the potential damage?
--Lloyd
On Wed, 13 Aug 2003, Jack Bates wrote:
> Date: Wed, 13 Aug 2003 11:10:13 -0500
> From: Jack Bates <jbates@brightok.net>
> To: Jason Frisvold <friz@corp.ptd.net>
> Cc: "Ingevaldson, Dan (ISS Atlanta)" <dsi@iss.net>,
> Stephen J. Wilcox <steve@telecomplete.co.uk>, nanog@merit.edu
> Subject: Re: The impending DDoS storm
>=20
>=20
> On Wed, 2003-08-13 at 10:55, Ingevaldson, Dan (ISS Atlanta) wrote:
> >-Does one DNS lookup on "windowsupdate.com" and then uses the IP
>=20
> No, I wouldn't dream of setting windowsupdate.com to 127.0.0.1. Who in =
> their right mind would do that?
>=20
> -Jack
>=20
--=20
