Try some other tests using no A record for windowsupdate.com in your local zone,We also tested this solution to answer nothing to query as with an unresolved domain.
you will notice that the damages are even smaller doing that instead of localhost (127.0.0.1).
But finally the solution answered localhost was kept because we hope a machine SYN flooding will behave badly enough so its user creates a call and so we could know the machine requires to be patched.
Thanks for raising the idea, some others might prefer this version.
Brgrds
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
