08-15-2003, 10:22 AM
Christ...they are also saying tcp port 4444 and UDP 69 (TFTP). Just make sure
all of your ports are closed or stealthed. Then you are safe regardless.
Here is another post from Symantec for what's suppose to happen on the 16th.
all of your ports are closed or stealthed. Then you are safe regardless.
Here is another post from Symantec for what's suppose to happen on the 16th.
Quote:The following are recommendations for mitigating the Denial of Service payload which is set to activate on 8/16.
Internal DNS-spoofing of windowsupdate.com to a special ip-address. This will alert you to infected machines if you have a 'listening server' catching the syn flood. Reroute windowsupdate.com to the IP address of an internal machine with port 80 firewalled will help to avoid ACKs, RSTs, and ICMP unreachable's.
Reroute windowsupdate.com to 127.0.0.1. This may result in lots of RSTs on your network (Windows may send RSTs from 127.0.0.1 to the spoofed addresses)
If your DNS server allows, reroute windowsupdate.com to the IP 0.0.0.0.
Configuration of anti-spoofing-rules on routers if not already implemented. This will prevent a high percentage of packets leaving the network. Using uRPF or egress ACLs will be highly effective.