-----Original Message-----
From: "Charles Arthur, The Independent" <carthur@xxxxxxxxxxxxxxxxx>
Date: Wed, 04 Feb 2004 12:45:48
To:dave@xxxxxxxxxx
Cc:mary.shaw@xxxxxxxxxx
Subject: Re: [IP] AP story on Msoft blocking Mydoom.B
Hi ...
At 7:32 am -0500 on 4/2/04, you wrote:
>Here's the AP story on Microsoft resisting the Mydoom.B virus attack. The
>sentence, "Microsoft did say that computers infected with the virus would
>not be able to access Microsoft's Web site." is particularly interesting.
>How do you suppose they detect infection in order to block access?
(1) set up list of IP addresses sending pings to MSoft in manner of
MyDoom-infected PC: add those to your server's "deny" list.
That's it.
For dynamically-assigned addresses, have the blocklist in (1) drop an IP
address after no pings received for eg 2hrs.
Should be perhaps 30 minutes' work (tops) for any decent programmer. I hear
MS has some to spare.
best
Charles
--
-------------------------------------------------------------------
The Independent newspaper on the Web: http://www.independent.co.uk/
It's even better on paper
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/