It kinda looks like the virus or whatever it is, is spoofing
source IP.
Now I am seeing lots of spoofed packets trying to egress out of
our network.
We are filtering egress traffic so obviously it's being dropped at
edge of course...
Just cleared access-list counter about a minute or so ago
Jack Bates Wrote:
I have no affiliation with Microsoft, nor do I care about their services
or products. What I do care about is a worm that sends out packets
uncontrolled. If there is the possibility that this planned DOS will
cause issues with my topology, then I will do whatever it takes
All,
What is everyone doing, if anything, to prevent the apparent upcoming
DDoS attack against Microsoft? From what I've been reading, and what
I've been told, August 16th is the apparent start date...
We're looking for some solution to prevent wasting our network
resources
http://www.dslreports.com/forum/remark,7652257~root=security,1~mode=flat;start=0
- Original Message -
From: Josh Fleishman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 5:24 AM
Subject: RE: The impending DDoS storm
Has anyone determined a method
McBurnett, Jim wrote:
But doesn't that mean the hacker won?
If you change the DNS and a user can not get to
windowsupdate, you just helped him create a better
DoS than he had...
I have no affiliation with Microsoft, nor do I care about their services
or products. What I do care about is a worm
On Wed, 13 Aug 2003, Jason Frisvold wrote:
If the blaster cannot get a proper DNS response, it continues to
replicate via port 135... It then goes into a retry cycle and continues
to try to get a good DNS lookup.
Has anyone tried tarpitting, e.g. LaBrea, to slow the worm?
-Dan
--
[-] Omae no
Today at 11:24 (-0400), Josh Fleishman wrote:
Date: Thu, 14 Aug 2003 11:24:53 -0400
From: Josh Fleishman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: The impending DDoS storm
Has anyone determined a method for triggering the DOS attack manually?
We've attempted this by changing
--On Thursday, August 14, 2003 11:24:53 AM -0400 Josh Fleishman
[EMAIL PROTECTED] wrote:
Has anyone determined a method for triggering the DOS attack manually?
We've attempted this by changing an infected machine's clock, however it
did not work on our test box. If anyone has triggered the
Subject: Re: The impending DDoS storm
Jack Bates Wrote:
I have no affiliation with Microsoft, nor do I care about their
services or products. What I do care about is a worm that sends out
packets uncontrolled. If there is the possibility that this planned
DOS will cause issues with my
Subject: Re: The impending DDoS storm
On Wed, 13 Aug 2003, Jason Frisvold wrote:
All,
What is everyone doing, if anything, to prevent the apparent
upcoming
DDoS attack against Microsoft? From what I've been reading, and what
I've been told, August 16th
===
-Original Message-
From: Jason Frisvold [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 10:50 AM
To: Ingevaldson, Dan (ISS Atlanta)
Cc: Stephen J. Wilcox; [EMAIL PROTECTED]
Subject: RE: The impending DDoS storm
On Wed, 2003-08-13 at 10:14, Ingevaldson, Dan (ISS
On Wed, 13 Aug 2003, Jason Frisvold wrote:
All,
What is everyone doing, if anything, to prevent the apparent upcoming
DDoS attack against Microsoft? From what I've been reading, and what
I've been told, August 16th is the apparent start date...
We're looking for some
Dan Hollis wrote:
On Wed, 13 Aug 2003, Jason Frisvold wrote:
If the blaster cannot get a proper DNS response, it continues to
replicate via port 135... It then goes into a retry cycle and continues
to try to get a good DNS lookup.
Has anyone tried tarpitting, e.g. LaBrea, to slow the worm?
Oh yeah,
Is anyone else seeing backscatters on your network about windowsupdate.com's IP?
Someone who transits through 65.123.21.137 router is sending out lots of packets
to 204.79.188.11 (windowsupdate.com) in which it's not currently advertised to
internet as we speak. Not to mention, packets seem to be
Yes, we are starting to see this as well. We are filtering at the edge, so
the bogus packets are not getting out.
We have a /19 of 64.7.128.0/19 and 64.7.229.241 is totally bogus for our
network.
Aug 14 21:59:16 telus-151front /kernel: ipfw: 3 Deny TCP 64.7.229.241:1069