Posted by CmdrTaco, from the no-surprise-there dept.
quakeslut writes "It's Feb. 1st everyone... and all of you who have been reading Slashdot know that today MyDoom.A begins its attack... according to Reuters, SCO has already been hit hard. Stay tuned for Tuesday when MyDoom.B hits Microsoft..."
Well actually... by Chicane-UK · Score: 5, Informative
If you query their DNS servers, you'll see that they have removed the A records to their site.
So the traffic just won't get to them anyway..
-- "Hey! Unless this is a nude love-in, get the hell off my property!!"
Re:Well actually... by anticypher · Score: 5, Informative
Not yet. I just checked all 4 of their name servers:
AUTHORITY SECTION:
sco.com. 6H IN NS ns.calderasystems.com.
sco.com. 6H IN NS ns2.calderasystems.com.
sco.com. 6H IN NS nsca.sco.com.
sco.com. 6H IN NS c7ns1.center7.com.
and all of them return www.sco.com. 1M IN A 216.250.128.12
So their name servers are still up and running, and pointing to a valid address. Reasonably, they have a 1 minute TTL, which will give them a quick response if they do decide to point it at 127.0.0.1 or 66.35.250.150.
the AC
the slashdot crud filter doesn't like double semi-colons in posts
-- Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
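As an added illustration of the check described in the post above (this is not code from any poster in the thread): a small parser that takes each authoritative server's answer for the A record, in the same TTL notation as the quoted output, and reports whether the servers agree and how long a cached answer can outlive a change. The server names and the A record line are taken from the post; the `PARTIAL` data set and all function names are constructed for the example.

```python
import re

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def ttl_seconds(text):
    """Convert a zone-file TTL such as '90', '1M', '6H' or '1H30M' to seconds."""
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([SMHDW])", text.upper())
    if not parts or "".join(n + u for n, u in parts) != text.upper():
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_a_record(line):
    """Return (name, ttl_seconds, address) for an 'IN A' line, else None."""
    m = re.match(r"^(\S+)\s+(\S+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$",
                 line.strip())
    if not m:
        return None
    return m.group(1), ttl_seconds(m.group(2)), m.group(3)

def summarize(answers):
    """answers maps server name -> its answer line (or e.g. 'NXDOMAIN')."""
    addrs, ttls, missing = set(), [], []
    for server, line in answers.items():
        rec = parse_a_record(line)
        if rec is None:
            missing.append(server)
        else:
            ttls.append(rec[1])
            addrs.add(rec[2])
    return {
        # Consistent means: every server gives the same address, or none does.
        "consistent": len(addrs) <= 1 and (not missing or not addrs),
        "addresses": sorted(addrs),
        "servers_without_a": sorted(missing),
        # Resolvers may keep a cached answer for up to the largest TTL seen.
        "max_cache_seconds": max(ttls, default=0),
    }

# Constructed sample input, built from the lines quoted in the post.
SERVERS = ["ns.calderasystems.com.", "ns2.calderasystems.com.",
           "nsca.sco.com.", "c7ns1.center7.com."]
ALL_UP = {ns: "www.sco.com. 1M IN A 216.250.128.12" for ns in SERVERS}
# Invented case: one server has already dropped the record, the others have not.
PARTIAL = dict(ALL_UP, **{"ns.calderasystems.com.": "NXDOMAIN"})

if __name__ == "__main__":
    print(summarize(ALL_UP))
    print(summarize(PARTIAL))
```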
It shouldn't have happened yet by linuxci · Score: 5, Informative
I think SCO have taken their site down themselves as the attack shouldn't have happened yet.
The DoS attack will start at 16:09:18 UTC (08:09:18 PST) on February 1, 2004. The worm checks the local system time and date to determine if it should initiate the DoS attack
I'm typing this and the time is currently 14:30UTC.
For those who are interested, it does appear to work in Wine. Before the news of it reached Slashdot, I ran a copy of it in controlled conditions under Wine to see what it would do. It appears to be mainly a spam relay with SCO DoS'ing added as an afterthought.
DDoS attack time table + analysis of DoS in Mydoom by Anonymous Coward · Score: 5, Informative
There was a story posted "Refuting tall-tales and stories about the Mydoom worms" which can be found at: http://www.math.org.il/mydoom-facts.txt
It contains the Time Table for the attack along with reverse engineering analysis of the DoS component in Mydoom.
You might also want to check: http://www.math.org.il/newworm-digest1.txt
Which contains an analysis and reverse engineering bits for Mydoom.A.
But wait!!! I can prove it's not the virus. by dtfinch · Score: 5, Informative
www.sco.com no longer resolves. They removed it from their name server yesterday. Only sco.com without the www resolves to an IP address. The attack should be almost completely averted by now because of this, but sco.com is still down.
The only possible cause I see for them to still be offline is if they took it offline themselves, or there's been another attack that they've failed to mention to the press, but it's unlikely that they'd turn down any opportunity to slam us if that were the case. Check it yourselves. The worm specifically attacks the domain www.sco.com, which no longer exists, and the DNS entry expired yesterday. All that worm traffic should be going to oblivion by now, because Windows doesn't reuse expired DNS records when requery attempts fail.
> www.sco.com
Server: ns.calderasystems.com
Address: 216.250.130.1
*** ns.calderasystems.com can't find www.sco.com: Non-existent domain
> sco.com
Server: ns.calderasystems.com
Address: 216.250.130.1
Non-authoritative answer:
Name: sco.com
Address: 216.250.128.12