On Tue, 24 Jul 2001, Felix Harris wrote:

> > 1) The Internet has a limited number of root name
> > servers.
> I'm going to make a stab in the dark, but this also assumes that
> nameservers don't cache translations, and by nameservers I mean
> the ones on ISPs and localhosts around the world. This would
> mean that a DoS would have to operate until the cache expired, by
> which time the attacking hosts could have been filtered, or the root
> nameservers could have been kicked.

Actually, a rather nasty thing to do, would have been to set the worm up
to attack www.microsoft.com. If my guess is right, that site uses the same
pipe as support.microsoft.com or windowsupdate.microsoft.com. Had the
person done this, it would have effectly used microsoft's own bug against
it, and would have caused a big problem: how are the people supposed to
obtain the patch if the site holding the patch gets hosed? It's a scarry
thought, but funny one: A DDOS by microsoft's own software against itself.

- Lynn

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]