If the blaster cannot get a proper DNS response, it continues to replicate via port 135... It then goes into a retry cycle and continues to try to get a good DNS lookup.

On Wed, 2003-08-13 at 12:25, Lloyd Taylor wrote:
> Does anyone have any notion of what the Blaster worm will do if the
> DNS lookup for "windowsupdate.com" returns NXDOMAIN? If it handles this
> case by not sending any miscreant love, might that not be the best way
> to mitigate the potential damage?
>
> --Lloyd
>
> On Wed, 13 Aug 2003, Jack Bates wrote:
>
> > Date: Wed, 13 Aug 2003 11:10:13 -0500
> > From: Jack Bates <[EMAIL PROTECTED]>
> > To: Jason Frisvold <[EMAIL PROTECTED]>
> > Cc: "Ingevaldson, Dan (ISS Atlanta)" <[EMAIL PROTECTED]>,
> >     Stephen J. Wilcox <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> > Subject: Re: The impending DDoS storm
> >
> >
> > On Wed, 2003-08-13 at 10:55, Ingevaldson, Dan (ISS Atlanta) wrote:
> > > -Does one DNS lookup on "windowsupdate.com" and then uses the IP
> >
> > No, I wouldn't dream of setting windowsupdate.com to 127.0.0.1. Who in
> > their right mind would do that?
> >
> > -Jack
> >

--
---------------------------
Jason H. Frisvold
Backbone Engineering Supervisor
Penteledata Engineering
[EMAIL PROTECTED]
RedHat Engineer - RHCE # 807302349405893
Cisco Certified - CCNA # CSCO10151622
MySQL Core Certified - ID# 205982910
---------------------------
"Imagination is more important than knowledge.
Knowledge is limited. Imagination encircles
the world."
      -- Albert Einstein [1879-1955]