[67007] in North American Network Operators' Group
Re: Impending (mydoom) DOS attack
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Jan 30 19:18:19 2004
Date: Fri, 30 Jan 2004 19:17:43 -0500
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <001401c3e776$8c34bed0$4263bacc@corp.ptd.net>
Errors-To: owner-nanog-outgoing@merit.edu

Having looked for some information to educate myself and my employer,
I will say a weakness right now is that there is limited info about
this worm. I have yet to see any good information on how effective
the attack might be, or what some basic prevention steps (e.g.
filtering) might do to the worm.

Backbones don't often have people that disassemble worms. It would
be nice to find some way for the anti-virus companies to share more
details quicker with various backbones in order to effectively
combat the DDOS portion of worms.

If anyone has any good analysis on the current worm (other than "it
attacks www.sco.com"), that would be welcome.

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org