jlauro at umflint.edu
Sun Feb 1 18:13:56 GMT 2004
I wonder how much SCO would really be down, or if operators just
panicked, and blocked it...
>From two different parts of the internet (one was tracerouting through
psi.net and the other through alter.net), traceroutes to
126.96.36.199 die just prior to us.xo.net, but to either *.11 or *.13
work fine for many more hops...
Also, it looks like www.sco.com was just recently taken out of DNS
from SCO's name servers... However sco.com still points to the IP,
but it appears blocked...
> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
> Of Johannes B. Ullrich
> Sent: Sunday, February 01, 2004 9:34 AM
> To: list at dshield.org
> Subject: [Dshield] MyDoom-A/B
> Well, mydoom a & b are now in full swing dDOS'ing sco.com and
> microsoft.com respectively.
> At this point, it looks like 'www.sco.com' is down, but
> doesn't show an impact so far.
> At least Rogers appears to have changed the sco.com DNS record to
> 127.0.0.1. I haven't heard reports from other ISPs, but if you could
> check please and let me know if your ISP is using this to reduce the
> damage on its own infrastructure.
> CTO SANS Internet Storm Center http://isc.sans.org
> phone: (617) 837 2807 jullrich at sans.org
> contact details: http://johannes.homepc.org/contact.htm
More information about the list