[60508] in North American Network Operators' Group

Re: The impending DDoS storm

daemon@ATHENA.MIT.EDU (Jason Frisvold)
Wed Aug 13 13:47:47 2003

From: Jason Frisvold <friz@corp.ptd.net>
To: Lloyd Taylor <ltaylor@keynote.com>
Cc: Jack Bates <jbates@brightok.net>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0308130924130.13119-100000@mailweb01inhq.keynote.com>
Date: Wed, 13 Aug 2003 13:46:45 -0400
Errors-To: owner-nanog-outgoing@merit.edu




If the blaster cannot get a proper DNS response, it continues to
replicate via port 135... It then goes into a retry cycle and continues
to try to get a good DNS lookup.

On Wed, 2003-08-13 at 12:25, Lloyd Taylor wrote:
> Does anyone have any notion of what the Blaster worm will do if the
> DNS lookup for "windowsupdate.com" returns NXDOMAIN?  If it handles this
> case by not sending any miscreant love, might that not be the best way
> to mitigate the potential damage?
>
> --Lloyd
>
> On Wed, 13 Aug 2003, Jack Bates wrote:
>
> > Date: Wed, 13 Aug 2003 11:10:13 -0500
> > From: Jack Bates <jbates@brightok.net>
> > To: Jason Frisvold <friz@corp.ptd.net>
> > Cc: "Ingevaldson, Dan (ISS Atlanta)" <dsi@iss.net>,
> >      Stephen J. Wilcox <steve@telecomplete.co.uk>, nanog@merit.edu
> > Subject: Re: The impending DDoS storm
> >
> >
> > On Wed, 2003-08-13 at 10:55, Ingevaldson, Dan (ISS Atlanta) wrote:
> > >-Does one DNS lookup on "windowsupdate.com" and then uses the IP
> >
> > No, I wouldn't dream of setting windowsupdate.com to 127.0.0.1. Who in
> > their right mind would do that?
> >
> > -Jack
> >
--
---------------------------
Jason H. Frisvold
Backbone Engineering Supervisor
Penteledata Engineering
friz@corp.ptd.net
RedHat Engineer - RHCE # 807302349405893
Cisco Certified - CCNA # CSCO10151622
MySQL Core Certified - ID# 205982910
---------------------------
"Imagination is more important than knowledge.
Knowledge is limited. Imagination encircles
the world."
      -- Albert Einstein [1879-1955]
