[Dshield] MyDoom/NoVarg DoS details
Johannes B. Ullrich
jullrich at sans.org
Tue Jan 27 21:54:58 GMT 2004
On Tue, 2004-01-27 at 15:30, Eric Hines wrote:
> Does anyone here have any details on the type of Denial of Service attack that
> MyDoom/Novarg launches against SCO.COM in Feb? What solutions if any are
> recommended for this date, a null route? Is it just outbound port 80 SYN floods?
I haven't been able to trigger the sco.com attack yet in my lab.
However, the virus includes these strings:
GET / HTTP/1.1
suggesting that it will try to issue a full request.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040127/d72484d3/attachment.bin
More information about the list