[Dshield] DDOS Started?

Geoff Shively gshively at pivx.com
Fri Aug 15 19:48:27 GMT 2003


The worm was supposed to dDoS windowsupdate.com.

You are correct, the DNS entries were removed for
www.windowsupdate.com.

It doesn't know to try windowsupdate.microsoft.com, and
this is one of the problems with the worms success.

I will bet the writer is kicking himself in the ass right now.

Cheers,

Geoff Shively, CHO
PivX Solutions, LLC

Are You Secure?
http://www.pivx.com

----- Original Message ----- 
From: "Keith Bergen" <keith at keithbergen.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Friday, August 15, 2003 12:17 PM
Subject: Re: [Dshield] DDOS Started?


> I have noticed that there are no longer any DNS entries for
> windowsupdate.com or www.windowsupdate.com.
> windowsupdate.microsoft.com still works.
>
> I saw reports that the worm attacks www.windowsupdate.com.
> Does anybody know if it is exclusively that IP, or if it will
> try windowsupdate.microsoft.com?
>
> If it will only attack windowsupdate.com, then Microsoft has
> fixed it by elminating that domain for a while.
>
> Thoughts?
>
> Keith.
>
> ---- Original message ----
> >Date: Fri, 15 Aug 2003 13:06:17 -0500
> >From: "Micheal Patterson" <micheal at cancercare.net>
> >Subject: Re: [Dshield] DDOS Started?
> >To: "General DShield Discussion List" <list at dshield.org>
> >
> >Synched or not, you have to realize that today, in certain
> parts of the
> >world, it IS the Saturday the 16th. :)
> >
> >--
> >
> >Micheal Patterson
> >TSG Network Administration
> >405-917-0600
> >
> >Confidentiality Notice:  This e-mail message, including any
> attachments, is
> >for the sole use of the intended recipient(s) and may
> contain confidential
> >and privileged information. Any unauthorized review, use,
> disclosure or
> >distribution is prohibited. If you are not the intended
> recipient, please
> >contact the sender by reply e-mail and destroy all copies of
> the original
> >message.
> >
> >
> >----- Original Message ----- 
> >From: "John Hardin" <johnh at aproposretail.com>
> >To: "General DShield Discussion List" <list at dshield.org>
> >Sent: Friday, August 15, 2003 10:37 AM
> >Subject: Re: [Dshield] DDOS Started?
> >
> >
> >> On Thu, 2003-08-14 at 23:27, Jonathan Rickman wrote:
> >> > All microsoft.com hosts are unresponsive from my little
> corner of the
> >net.
> >> > Others are reporting similar issues on the NANOG list.
> >>
> >> Prolly. I think it's a little optimistic to assume all
> windows users
> >> have their system clocks properly synced... :)
> >>
> >> --
> >> John Hardin  KA7OHZ
> >> Internal Systems Administrator                    voice:
> (425) 672-1304
> >> Apropos Retail Management Systems, Inc.             fax:
> (425) 672-0192
> >> -----------------------------------------------------------
> ------------
> >>  "...in retrospect, we probably should have turned it on
> by default."
> >>      - Craig Mundie, Microsoft CTO, on shipping Windows XP
> with the
> >>        much-hyped "Internet Connection Firewall" turned
> off by default
> >> -----------------------------------------------------------
> ------------
> >>  6 days until company picnic and AquaSox game
> >>
> >> _______________________________________________
> >> list mailing list
> >> list at dshield.org
> >> To change your subscription options (or unsubscribe), see:
> >http://www.dshield.org/mailman/listinfo/list
> >>
> >
> >_______________________________________________
> >list mailing list
> >list at dshield.org
> >To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list