[67032] in North American Network Operators' Group
Re: [Full-Disclosure] Mydoom DDoS attack time table
daemon@ATHENA.MIT.EDU (James Edwards)
Sat Jan 31 15:58:14 2004
From: James Edwards <hackerwacker@tarpit.cybermesa.com>
Reply-To: hackerwacker@cybermesa.com
To: "nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <401BC944.5050502@egotistical.reprehensible.net>
Date: Sat, 31 Jan 2004 13:57:28 -0700
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 2004-01-31 at 08:27, Gadi Evron wrote:
> I apologize if in my previous email I didn't make it clear, this is an
> important issue for system administrators world wide, so I am emailing
> again in regard to this subject alone - a time table for the Mydoom DDoS
> attack.
>
> In my post from the 30th of January with the subject: "Refuting
> tall-tales and stories about the Mydoom.A and Mydoom.B worms" -
> we released an analysis of the Mydoom worms DoS mechanism, refuting
> rumors about it not existing (http://www.math.org.il/mydoom-facts.txt).
>
> You can find a _time_table _for when the DDoS attack will happen, as
> calculated by a C program Joe Stewart wrote at:
> http://www.math.org.il/mydoom-a-timeline.txt
>
> Mydoom.B has a time line too, but it can't be predicted as definitely
> because of an extra random check.
>
> For more information about the DoS attack itself performed by the worm,
> how and when (including reverse engineering bits) you should check the
> above mentioned article.
>
> Gadi Evron.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
