[Dshield] MyDoom/NoVarg DoS details

ALEPH0 aleph0 at pacbell.net
Wed Jan 28 17:02:45 GMT 2004


Could point to whatever you want to identify the infected systems, not
necessarily a full production web server.  Alternatively, just point it to
127.0.0.1.  This is of course appropriate if and only if nobody who uses your
DNS needs to go to sco.com.

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Stephane Grobety
Sent: Wednesday, January 28, 2004 6:24 AM
To: General DShield Discussion List
Subject: Re[2]: [Dshield] MyDoom/NoVarg DoS details


RK> I suppose one could add an entry into their own DNS that points toward
RK> their own static intranet webpage, for gathering local ip's of infected
RK> pcs, with a link to sco.com, or perhaps a link to a removal tool for the
RK> virus or even an auto script to disinfect the pc.  One might even add an
RK> entry into the host records on the pc to inform users and provide
RK> solutions/links to virus repair tools.

Hum... I think not: the last thing I need is my own machine DDoSing my
intranet web server... I'll rely on the domain policies that force the
deployment of NAVCE and up-to-date DAT files and I might just launch a
few preemptive virus sweeps and see what it comes up with.

I've also launched a network-wide nmap scan on the backdoor ports in my
network.

RK> Just a thought with 1st cup of coffee,

Ah... You're excused, then :) Enjoy your coffee :)

Good luck,
Stephane
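
The sinkhole idea discussed in this thread, as an added example that is not part of either poster's message: if internal DNS points the targeted name at a local web server, that server's access log can be reduced to a list of client IPs that request the page in bursts. The log lines, addresses, Common Log Format layout, and the burst threshold and window are all constructed assumptions, not measured worm behaviour.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: access log of a hypothetical sinkhole vhost that the
# internal DNS override resolves to (Common Log Format, made-up addresses).
SAMPLE_LOG = """\
10.1.4.23 - - [28/Jan/2004:16:09:18 +0000] "GET / HTTP/1.1" 200 512
10.1.4.23 - - [28/Jan/2004:16:09:19 +0000] "GET / HTTP/1.1" 200 512
10.1.4.23 - - [28/Jan/2004:16:09:19 +0000] "GET / HTTP/1.1" 200 512
10.1.4.23 - - [28/Jan/2004:16:09:20 +0000] "GET / HTTP/1.1" 200 512
10.1.7.80 - - [28/Jan/2004:16:10:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.1.9.5 - - [28/Jan/2004:16:11:00 +0000] "GET / HTTP/1.1" 200 512
10.1.9.5 - - [28/Jan/2004:16:20:00 +0000] "GET / HTTP/1.1" 200 512
garbage line that is not a log entry
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def parse(log_text):
    """Map client IP -> list of request timestamps; skip malformed lines."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        hits[m.group(1)].append(ts)
    return hits

def suspected_infected(log_text, min_hits=3, window=timedelta(seconds=10)):
    """Return {ip: peak requests in any window} for clients at or above
    min_hits. A single visit (a user following a link) stays below it."""
    flagged = {}
    for ip, stamps in parse(log_text).items():
        stamps.sort()
        peak, start = 0, 0
        for end in range(len(stamps)):
            # Slide the window start forward until it spans <= window.
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_hits:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, peak in sorted(suspected_infected(SAMPLE_LOG).items()):
        print(f"{ip}\tpeak {peak} requests in 10s")
```
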
