[nsp-sec] FW: Storm worm changing DNS resolver settings on victim system

Barry Greene (bgreene) bgreene at cisco.com
Wed Mar 12 14:11:41 EDT 2008


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 

> On Wed, 12 Mar 2008 12:27:02 -0400
> "Lawrence Baldwin" <baldwinl at mynetwatchman.com> wrote:
> 
> > Given the prevalence of Storm I'm guessing this is going to manifest
> > itself to a lot of customer care calls as the open recursive servers
> > set by Storm get locked down (or not).
> 
> I predict the closing of yet another port and the garden's 
> wall getting another brick cemented in where this hasn't 
> already happened.

Is it?

Assuming this is a reaction to our (the broader community) use of DNS as
a poisoning and detection tool.

Our next response would be to block port 53 to any DNS server but our
own servers (i.e. force customers to use the SP's infrastructure). What
would the next consequence be in the chain of consequences? Jump to a
different port?




-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBR9gc3L/UEA/xivvmEQICHQCg8APCZkWA1dKHqbXjnyRAlQQbAQAAoOGq
Zcba23Mj1HhldmW5j2A0yXnF
=yBWS
-----END PGP SIGNATURE-----
