[unisog] Windows Update

Tracey Losco tracey at nyu.edu
Thu Aug 14 16:47:07 GMT 2003


Peter,

What I've read so far is that it will perform a synflood over port 
80.  Kind of makes it a bit difficult to block, unless your 
monitoring specifically for ackless syns.... ;-)

At 8:24 AM -0700 8/14/03, Peter Van Epp wrote:
>On Wed, Aug 13, 2003 at 10:14:02PM -0500, E. Larry Lidz wrote:
><snip>
>>
>>  The second concern is the infected machines on our network that might
>>  be contributing to the DoS. We've pretty much eliminated the worm from
>>  our campus proper, but it runs rampant in our modem pool (we're
>>  blocking appropriate ports in both directions to prevent it from
>>  infecting others) and we have occasional new infections. Regardless,
>>  we're going to be sending some packets Microsoft's way no matter what.
>>
>
>	Do we know what port or ports the DOS is going to use? I'd be tempted
>to block them towards MS at the border. While that may take out Windows
>Update locally (we have a local copy of the blaster patch and little sympathy
>for those that didn't patch when asked to) it should at least keep us from
>adding to the din. Although I'm down to whacking one or 2 infected machines
>a day at this point and quite willing and able to whack anyone attempting
>to DOS MS (even though they probably deserve it) and thats the fallback plan.
>
>Peter Van Epp / Operations and Technical Support
>Simon Fraser University, Burnaby, B.C. Canada


-- 
--------------------------------------------------------------------
Tracey Losco
Network Security Analyst		security at nyu.edu
ITS - Network Services		http://www.nyu.edu/its/security
New York University			(212) 998 - 3433

PGP Fingerprint: 8FFB FE47 6156 7BF0  B19E 462B 9DFE 51F5



More information about the unisog mailing list