Everyone seems a little confused on the windowsupdate.com DDoS. It is a rather moot point as it is easily fixable. They just need to remap it to 127.0.0.1 and all the SYNs will die on the local host of the infected machine. Routing windowsupdate.com to 127.0.0.1 will not break anyone's ability to get patches as "windowsupdate.com" is not directly used.
That is only a workaround for this single host attack though, in the end everyone (even patched people) can get screwed by this flaw and new worms until enough people have patched.

eEye Blaster Worm Analysis
http://www.eeye.com/html/Research/Advisories/AL20030811.html

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED] Behalf Of martin f
| krafft
| Sent: Tuesday, August 12, 2003 9:27 AM
| To: [EMAIL PROTECTED]
| Subject: [Full-Disclosure] Re: [normal] RE: Windows Dcom Worm planned
| DDoS
|
|
| also sprach martin f krafft <[EMAIL PROTECTED]> [2003.08.12.1654 +0200]:
| > Why on earth would you want to help protect Micro$oft's service?
| > Either they can deal with their crap themselves, or you should be
| > using proper software. I'll probably make sure to infect a couple of
| > computers on Saturday just for the sake of DoS'ing their site.
|
| And aside, we are talking about a SYN flood attack here, no? If
| Micro$oft can't deal with those, knowing of their advent, then they
| aren't worth being helped.
|
| --
| martin; (greetings from the heart of the sun.)
| \____ echo mailto: !#^."<*>"|tr "<*> mailto:" [EMAIL PROTECTED]
|
| invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
|
| tempt not a desperate man.
| -- william shakespeare
| _______________________________________________

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
