Aug. 14th, 2003

Countdown

Aug. 14th, 2003 09:38 pm
doc_strange: (Agamotto got nothing on this.)
Shameful to say, I had to pull up a timezone map to figure out that... at 7AM Central time US, tomorrow, NZ will see the MSBlaster worm kicking off its flood at the windowsupdate.com website.

Upshot: companies with "just a few" infected hosts will see those hosts pound TCP SYN traffic at port 80 on windowsupdate.com as fast as they can. A single host can flood out a 100M ethernet segment, and ergo, just about any company's ourbound Internet capacity.

If you hadn't found all the infected hosts in your enterprise... you'll sure find them now.

Clever trick #1 that a number of people have discussed: The worm uses DNS to look up windowsupdate.com (which is, after all, dynamically load-balanced geographically with variable IP)... so no escape for MS -- Mr. Worm will find them yet! The clever trick is that companies with their own *internal* DNS can set up *.windowsupdate.com to resolve to 127.0.0.1. Infected hosts will just beat on themselves, causing no disruption.

The wave of worms activating their DoS mode will be highly reminiscent of the Y2K watch on new year's eve. Let's hope it's as uneventful.

Profile

doc_strange: (Default)doc_strange

April 2025

S M T W T F S
  12345
67891011 12
13141516171819
20212223242526
27282930   

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 9th, 2025 10:15 pm
Powered by Dreamwidth Studios