[unisog] counting down to midnight

Mike Iglesias iglesias at draco.acs.uci.edu
Fri Aug 15 15:33:42 GMT 2003


> We have had a busy morning getting ready to cope with the expected DOS
> from Blaster.  This email to our computer support staff outlines what we
> are doing...
> 
> <quote>
> Hi All,
>         We are pursuing 4 strategies to mitigate the effect of the
> expected DoS:
>      1. Continue working on getting infected machines cleaned and
>         patched (this is the most important process!).
>      2. We are currently putting access lists on sector switches that block
>         any traffic to the IP addresses used by windowsupdate.com.
>      3. We are also filtering outbound traffic that does not have
>         130.216.0.0/16 source addresses.
>      4. We have 'poisoned' our DNS so that any attempts to resolve
>         windowsupdate.com will resolve to 127.0.0.1 i.e. the loop back
>         interface.
> </quote>

Microsoft has removed the IP address record for windowsupdate.com
from their DNS, so any attempt to resolve it results in no IP address,
which should stop the DoS before it starts.

We're still going to block the IP address that was in DNS earlier in
the week at our border, just in case.


Mike Iglesias                          Email:       iglesias at draco.acs.uci.edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069


