[unisog] Blaster DDOS potential

Kathy Bergsma kathya at nersp.nerdc.ufl.edu
Thu Aug 14 15:37:51 GMT 2003

We had a similar thought, but the DNS entry would point to our local cache so
people could still get patches.  We decided that it wasn't appropriate to mangle
DNS records belonging to others; Microsoft should be the one to make that
choice.  Instead, we decided the best approach was to resolve the problem on
the network edge - clean and patch.

Regardless of the DDoS Saturday, access to windowsupdate is limited due to patch
downloads now, so we made relevant patches available on our local network.

Kathy Bergsma
UF IT Security Coordinator

On Thu, 14 Aug 2003, Ed Gibson wrote:

> Hello everyone
> This morning's discussions around the water fountain brought forth
> concern about excessive DDOS traffic being thrown outbound this weekend.
> Trendmicro's overview of the virus indicates that it is coded to throw
> DDOS at windowsupdate.com starting on August 16th. i.e. After midnight
> Friday.... Obviously something we don't want to spend our weekend
> reacting to. While we're cornering as best we can the remaining Blasters,
> we're entertaining the idea of hijacking the DNS entry for
> windowsupdate.com and pointing it towards a bit bucket at least until
> Monday morning.
> Thoughts/comments?
> Ed Gibson
> University of Western Ontario
> Network Operations
