[Dshield] MyDoom/NoVarg DoS details

Johannes B. Ullrich jullrich at sans.org
Tue Jan 27 21:54:58 GMT 2004

On Tue, 2004-01-27 at 15:30, Eric Hines wrote:
> Does anyone here have any details on the type of Denial of Service attack that 
> MyDoom/Novarg launches against SCO.COM in Feb? What solutions if any are 
> recommended for this date, a null route? Is it just outbound port 80 SYN floods?

I haven't been able to trigger the sco.com attack yet in my lab.
However, the virus includes these strings:

GET / HTTP/1.1
Host: www.sco.com

suggesting that it will try to issue a full request.

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040127/d72484d3/attachment.bin

More information about the list mailing list