[67035] in North American Network Operators' Group


Re: Impending (mydoom) DOS attack

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat Jan 31 17:32:22 2004

To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: Donovan Hill <lists@lazyeyez.net>,
	Leo Bicknell <bicknell@ufp.org>, nanog@merit.edu
In-Reply-To: Your message of "Sat, 31 Jan 2004 18:24:42 GMT."
             <Pine.LNX.4.44.0401311816130.1268-100000@server2.tcw.telecomplete.net> 
From: Valdis.Kletnieks@vt.edu
Date: Sat, 31 Jan 2004 17:31:03 -0500
Errors-To: owner-nanog-outgoing@merit.edu


On Sat, 31 Jan 2004 18:24:42 GMT, "Stephen J. Wilcox" said:
> I'm not sure what the point of the DoS is if it's intended to be a spam engine,
> that would have the effect of helping to identify and hence clean up the 
> infections.

Ahh.. you didn't take the time to think it through. ;)

Consider - the perpetrator releases a *very* noisy worm with a DDoS engine
on it (admittedly buggy).  Then you go on vacation someplace warm and sunny,
where visually attractive people of your preferred gender are walking around
wearing a lot more than you need to wear where you were...

Computers catch it.  Computers spew it.  Computers do their DDoS tapdance.
Hopefully users and ISP staff notice and take action.

Then 3 weeks later, you come back, tanned and rested - and run another
scan.  If you find your spam backdoor on port 3127 *still* open on a
machine, you can be fairly sure you can spam away with impunity - if the
user and their ISP didn't notice the box spewing mail the FIRST time, they
won't notice the second time.....



