[Dshield] MyDoom/NoVarg DoS details

Rick Klinge rick at jaray.net
Wed Jan 28 13:45:45 GMT 2004


I suppose one could add an entry into there own DNS that points toward there
own static intranet webpage, for gathering local ip's of infected pcs, with
a link to sco.com, or perhaps a link to a removal tool for the virus or even
an auto script to disinfect the pc.  One might even add an entry into the
host records on the pc to inform users and provide solutions/links to virus
repair tools. 

# Host file - any existing records
127.0.0.1   	localhost
# Used to point to local intranet site
# 192.168.0.10 would be the local intranet site
192.168.0.10	www.example.com
	

Just a thought with 1st cup of coffee,

~Rick

> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of Eric Hines
> Sent: Tuesday, January 27, 2004 2:30 PM
> To: intrusions at incidents.org; list at dshield.org
> Subject: [Dshield] MyDoom/NoVarg DoS details
> 
> 
> Does anyone here have any details on the type of Denial of 
> Service attack that 
> MyDoom/Novarg launches against SCO.COM in Feb? What solutions 
> if any are 
> recommended for this date, a null route? Is it just outbound 
> port 80 SYN floods?
> 
> Regards,
> Eric Hines
> 

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list