North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Impending (mydoom) DOS attack
I believe there is major and perhaps fatal flaw in this analysis. Valdis.Kletnieks@vt.edu wrote: > > On Sat, 31 Jan 2004 18:24:42 GMT, "Stephen J. Wilcox" said: > > I'm not sure what the point of the DoS is if its intended to be a spam engine, > > that would have the effect of helping to identify and hence clean up the > > infections. > > Ahh.. you didn't take the time to think it through. ;) > > Consider - the perpetrator releases a *very* noisy worm with a DDoS engine > on it (admittedly buggy). Then you go on vacation someplace warm and sunny, > where visually attractive people of your preferred gender are walking around > wearing a lot more than you need to wear where you were... ^^^^ The analysis works if that was the word "less". > > Computers catch it. Computers spew it. Computers do their DDoS tapdance. > Hopefully users and ISP staff notice and take action. > > Then 3 weeks later, you come back, tanned and rested - and run another > scan. If you find your spam backdoor on port 3127 *still* open on a > machine, you can be fairly sure you can spam away with impunity - if the > user and their ISP didn't notice the box spewing mail the FIRST time, they > won't notice the second time..... I doubt that the length of 3 is important. Based on my past experience "Then 3 weeks later" can be replaced by "Some time later when the cold is gone".