RE: microsoft.com - what happens when there is no DNS record
Our assessment of worm's behavior is below: If windowsupdate.com fails to resolve, it will return a -1, which is not interpreted because this routine has no error checking. The worm then attempts to send its SYN packets to 255.255.255.255, which may have done some interesting things, but it looks like the Windows raw socket implementation won't let that packet out. So basically, nothing happens. There might be some issues with cached DNS, but besides that it looks like the majority of the infections won't be doing much of anything besides eating CPU cycles on the infected hosts. Regards, =============================== Daniel Ingevaldson Engineering Manager, X-Force R&D dsi@iss.net 404-236-3160 Internet Security Systems, Inc. The Power to Protect http://www.iss.net =============================== -----Original Message----- From: McBurnett, Jim [mailto:jmcburnett@msmgmt.com] Sent: Friday, August 15, 2003 10:26 AM To: Patrick_McAllister@WASHGAS.COM; Robbie Foust Cc: Bryan Heitman; nanog@merit.edu; owner-nanog@merit.edu; Chris Horry Subject: RE: microsoft.com good here thru AT&T and Broadwing.. Jim -----Original Message----- From: Patrick_McAllister@WASHGAS.COM [mailto:Patrick_McAllister@WASHGAS.COM] Sent: Friday, August 15, 2003 10:16 AM To: Robbie Foust Cc: Bryan Heitman; nanog@merit.edu; owner-nanog@merit.edu; Chris Horry Subject: Re: microsoft.com No problems here, UUNET out of DC.... Robbie Foust <rfoust@duke.edu> To: Chris Horry <zerbey@wibble.co.uk> Sent by: cc: Bryan Heitman <bryan@bryanheitman.com>, nanog@merit.edu owner-nanog@merit Subject: Re: microsoft.com .edu 08/15/2003 10:04 AM I've had no problem getting to Microsoft's site(s) today...I'm in the southeastern US if it makes a difference. - Robbie Chris Horry wrote:
Bryan Heitman wrote:
Several networks I have talked to are reporting they can't get to www.microsoft.com
Has the virus began? anyone?
Yep, remember it's already August 16th in some parts of the world. Unable to get to www.microsoft.com at 0958 EDT.
Chris
-- Robbie Foust, IT Analyst Systems and Core Services Duke University
participants (1)
-
Ingevaldson, Dan (ISS Atlanta)