[Dshield] Blaster date forward.

BarkerJr barkerjr at barkerjr.net
Sat Aug 16 02:28:42 GMT 2003


> > So, this means that they'll all stop scanning because windowsupdate.com
> > resolves to 127.0.0.1?  Very cool!
>
> No. They stop scanning if it does not resolve at all. At least in my
> end of the net, windowsupdate.com is not resolving at all.

Ah, it's just Cox cable, I guess.

; <<>> DiG 9.2.2 <<>> windowsupdate.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36754
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;windowsupdate.com.             IN      A

;; ANSWER SECTION:
windowsupdate.com.      71134   IN      A       127.0.0.1

;; AUTHORITY SECTION:
windowsupdate.com.      243934  IN      NS      lkhndnss01.rd.at.cox.net.
windowsupdate.com.      243934  IN      NS      lkhndnss02.rd.at.cox.net.

;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Aug 15 22:18:16 2003
;; MSG SIZE  rcvd: 114


I'm no expert, but I'm guessing that DiG is telling me that Cox cable's DNS
servers have been set up to say that windowsupdate.com is 127.0.0.1.  I
guess Cox customers won't be scanning, anyways.
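
Added example, not part of the original message: the thread turns on the difference between a name that resolves to 127.0.0.1 and one that does not resolve at all, so this sketch parses dig output and separates those cases while listing which name servers appear in the authority section. The function names `parse_dig` and `classify` are hypothetical, and the sample input is the output quoted above, trimmed to the sections the parser reads.

```python
import ipaddress
import re

# dig output from the message above, trimmed to the sections the parser reads.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36754
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;windowsupdate.com.             IN      A

;; ANSWER SECTION:
windowsupdate.com.      71134   IN      A       127.0.0.1

;; AUTHORITY SECTION:
windowsupdate.com.      243934  IN      NS      lkhndnss01.rd.at.cox.net.
windowsupdate.com.      243934  IN      NS      lkhndnss02.rd.at.cox.net.
"""

def parse_dig(text):
    """Return the response status plus the A and NS records in dig output."""
    status = re.search(r"status: (\w+)", text)
    result = {"status": status.group(1) if status else None, "A": [], "NS": []}
    section = None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
            continue
        fields = line.split()
        # Skip comments, the echoed question, and anything that is not
        # a five-field record line (name, TTL, class, type, data).
        if line.startswith(";") or len(fields) != 5:
            continue
        if section == "ANSWER" and fields[3] == "A":
            result["A"].append(fields[4])
        elif section == "AUTHORITY" and fields[3] == "NS":
            result["NS"].append(fields[4].rstrip(".").lower())
    return result

def classify(parsed):
    """'unresolved', 'local-override' (only non-routable answers) or 'resolved'."""
    if parsed["status"] != "NOERROR" or not parsed["A"]:
        return "unresolved"
    addrs = [ipaddress.ip_address(a) for a in parsed["A"]]
    if all(not a.is_global for a in addrs):
        return "local-override"
    return "resolved"
```

For the output above, `classify(parse_dig(SAMPLE))` gives `local-override`, and the `NS` list shows the cox.net servers named in the authority section.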




