[67025] in North American Network Operators' Group
Re: Impending (mydoom) DOS attack
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Sat Jan 31 02:02:22 2004
Date: Sat, 31 Jan 2004 08:01:20 +0100 (CET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: nanog@merit.edu
In-Reply-To: <20040131164903.D49417@plutonium.syd.ntt.net.au>
Errors-To: owner-nanog-outgoing@merit.edu
;; ANSWER SECTION:
www.sco.com. 60 IN A 216.250.128.12
As far as I can see, someone has taken precaution and lowered the TTL on
www.sco.com to 60 seconds so any DOS attack towards www.sco.com can be
hindered by them changing their DNS information. This won't stop any DoS in
progress, or it might, I don't know if the worm will do repeated DNS
resolves or only do it once and keep sending data to that IP until reboot.
--
Mikael Abrahamsson email: swmike@swm.pp.se
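
Added example, not part of the original post: a small Python model of the question raised above, comparing how long a client keeps sending to the old address after a DNS change when it re-resolves on TTL expiry versus when it resolves only once. NEW_IP, the timings and the one-request-per-second client are constructed assumptions, and caching by intermediate resolvers is ignored.

```python
# Added illustration; NEW_IP and the timings are constructed values.
ANSWER_LINE = "www.sco.com. 60 IN A 216.250.128.12"  # record quoted in the post
NEW_IP = "192.0.2.10"  # documentation address (RFC 5737), stands in for a moved host


def parse_answer(line):
    """Split one dig ANSWER SECTION line into (name, ttl, rtype, rdata)."""
    name, ttl, _rclass, rtype, rdata = line.split(None, 4)
    return name, int(ttl), rtype, rdata


def stale_seconds(ttl, change_at, duration, re_resolves):
    """Count seconds after the DNS change in which a client still targets the old IP.

    The client sends once per second from t=0. A re-resolving client caches the
    answer for `ttl` seconds; a resolve-once client keeps its first answer.
    """
    old_ip = parse_answer(ANSWER_LINE)[3]
    cached_ip, expires = None, 0
    stale = 0
    for t in range(duration):
        # What the authoritative zone would answer at second t.
        authoritative = old_ip if t < change_at else NEW_IP
        # Resolve on first use, and again on expiry only if the client honours TTL.
        if cached_ip is None or (re_resolves and t >= expires):
            cached_ip, expires = authoritative, t + ttl
        if t >= change_at and cached_ip == old_ip:
            stale += 1
    return stale


if __name__ == "__main__":
    _, ttl, _, _ = parse_answer(ANSWER_LINE)
    for label, flag in (("re-resolves on expiry", True), ("resolves once", False)):
        n = stale_seconds(ttl, change_at=90, duration=600, re_resolves=flag)
        print(f"{label}: {n} s of traffic to the old address after the change")
```

For a client that honours the TTL, the stale window can never exceed the TTL itself, which is why the value is lowered before a change rather than at the moment of it.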