From: King, Michael (MKing@bridgew.edu)
Date: Tue Aug 19 2003 - 13:25:56 CDT
I'm just forwarding this along, came across my ResNet List. I am not the
original author, but from what he's saying, it makes sense.
Mike
-----Original Message-----
From: Phil Rodrigues
Sent: Tuesday, August 19, 2003 12:22 PM
To: RESNET-L@listserv.nd.edu
Subject: Blaster will DOS NetReg
Hi all,
NetReg, by default, will redirect all namelookups to itself, including
windowsupdate.com. This is how it is designed. Unfortunately, this means
that hosts that are carried into your network by students that are already
infected with Blaster will DOS (TCP port 80 synflood) the web server on
NetReg, since they get leases with a DNS server that redirects
windowsupdate.com to NetReg, which will cause the web server not to
respond.
We added a name record for windowsupdate.com that points to 127.0.0.1 to
the
DNS server on our NetReg box, which should solve the problem. Maybe you
were smarter than us and already did this - if not, do it now.
Phil
=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut
email: phil.rodrigues@uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu =======================================
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:40 CDT