NetReg will DOS itself with Blaster

Phil.Rodrigues at uconn.edu
Tue Aug 19 16:20:17 GMT 2003


Hi all,

NetReg, by default, will redirect all name lookups to itself, including 
windowsupdate.com.  This is how it is designed.  Unfortunately, this means 
that hosts that are carried into your network by students that are already 
infected with Blaster will DOS (TCP port 80 synflood) the web server on 
NetReg, since they get leases with a DNS server that redirects 
windowsupdate.com to NetReg, which will cause the web server not to 
respond.

We added a name record for windowsupdate.com that points to 127.0.0.1 to 
the DNS server on our NetReg box, which should solve the problem.  Maybe 
you were smarter than us and already did this - if not, do it now.

Phil

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================
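
The override described in the message above, modelled as an added example (not part of the original post and not NetReg's own code): a toy authoritative lookup with RFC 4592 wildcard rules, comparing the default catch-all, the record placed in the catch-all zone, and the record served from its own zone. It assumes the catch-all is a `*` wildcard in a fake root zone; `NETREG_IP` and the `example.*` names are constructed placeholders.

```python
# Added example: toy model of authoritative lookup with RFC 4592 wildcard rules.
NETREG_IP = "192.0.2.10"  # constructed placeholder for the NetReg web server
SINKHOLE = "127.0.0.1"    # address the post assigns to windowsupdate.com

def labels(name):
    """'www.Example.com.' -> ('www', 'example', 'com'); the root is ()."""
    return tuple(l for l in name.lower().split(".") if l)

def lookup_in_zone(records, qname):
    """Exact match first, else the wildcard directly under the closest encloser."""
    table = {labels(owner): ip for owner, ip in records.items()}
    # Every owner name and all of its ancestors exist as nodes in the tree;
    # ancestors without data are empty non-terminals.
    nodes = {owner[i:] for owner in table for i in range(len(owner) + 1)}
    q = labels(qname)
    if q in nodes:
        return table.get(q, "NODATA")
    for i in range(1, len(q) + 1):
        if q[i:] in nodes:  # closest existing ancestor of the query name
            return table.get(("*",) + q[i:], "NXDOMAIN")
    return "NXDOMAIN"

def resolve(zones, qname):
    """Answer from the configured zone whose origin is the longest suffix of qname."""
    q = labels(qname)
    origins = [o for o in zones if q[len(q) - len(labels(o)):] == labels(o)]
    if not origins:
        return "REFUSED"
    best = max(origins, key=lambda o: len(labels(o)))
    return lookup_in_zone(zones[best], qname)

# Three constructed layouts of the registration DNS server (assumed, see lead-in).
DEFAULT = {".": {"*": NETREG_IP}}
SAME_ZONE = {".": {"*": NETREG_IP, "windowsupdate.com": SINKHOLE}}
OWN_ZONE = {".": {"*": NETREG_IP},
            "windowsupdate.com": {"windowsupdate.com": SINKHOLE}}

if __name__ == "__main__":
    layouts = [("default", DEFAULT), ("same zone", SAME_ZONE), ("own zone", OWN_ZONE)]
    queries = ["windowsupdate.com", "www.windowsupdate.com",
               "www.example.com", "www.example.org"]
    for name, zones in layouts:
        for q in queries:
            print(f"{name:10} {q:22} -> {resolve(zones, q)}")
```

In the same-zone layout the new record makes `com` an empty non-terminal, so other `.com` names stop matching the root wildcard; serving `windowsupdate.com` from its own zone leaves the catch-all untouched.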


