Re: New IIS worm

To: debian-security@lists.debian.org
Subject: Re: New IIS worm
From: Sam Couter <sam@topic.com.au>
Date: Sun, 23 Sep 2001 14:08:40 +1000
Message-id: <[🔎] 20010923140840.A2814@mailhost.topic.com.au>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20010922102659.A7887@e-jorgensen.freeserve.co.uk>
References: <[🔎] 000e01c14176$64888720$6501a8c0@rab1> <[🔎] 01092122375800.04805@merlin01> <[🔎] 20010922102659.A7887@e-jorgensen.freeserve.co.uk>

Karl E. Jorgensen <karl@jorgensen.com> wrote:
> Doesn't this leave you open to DOS attacks? I'm thinking that source IP
> addresses are relatively easy to forge, and hence an attacher can forge
> a nimda attach and cause you to block off legitimate IP addresses -
> ie. your DNS server our default gateway...

To forge a Nimda attack would require you to forge a TCP connection. That's
not easy, unless the attacker is on the network path to the forged address.
-- 
Sam Couter          |   Internet Engineer   |   http://www.topic.com.au/
sam@topic.com.au    |   tSA Consulting      |
OpenPGP key ID:       DE89C75C,  available on key servers
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C

Attachment: pgpAt31Yv6aLS.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: New IIS worm
  - From: "Karl E. Jorgensen" <karl@jorgensen.com>

References:
- RE: New IIS worm
  - From: "R Allen Blowers" <ablowers@mindspring.com>
- Re: New IIS worm
  - From: Johann Schwarzmeier <Johann.Schwarzmeier@gmx.de>
- Re: New IIS worm
  - From: "Karl E. Jorgensen" <karl@jorgensen.com>

Prev by Date: Re: password expire and sshd doesn't allow ppl to change it
Next by Date: Re: password expire and sshd doesn't allow ppl to change it
Previous by thread: Re: New IIS worm
Next by thread: Re: New IIS worm
Index(es):
- Date
- Thread