Re: ASP script to parse URLSCAN.log file and add to a database.

From: Michelle Erbeck (michelle@MAEDATA.NET)
Date: 11/05/01


Message-ID:  <006101c165bb$187512e0$020210ac@maedata.net>
Date:         Mon, 5 Nov 2001 00:26:52 -0500
From: Michelle Erbeck <michelle@MAEDATA.NET>
Subject:      Re: ASP script to parse URLSCAN.log file and add to a database.
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

its no different than MAPS publishing open relays. Not securing machines and
participating in code red and nimda propagation is ir-responsible. Admins at
least now have choice to block addresses. We occassionally send email to
ISP's to look for addresses they provide in the list so they can notify
customers who are infected.

In time we hope to automate the emailing process as well as incorporate a
capability to null route those addresses in the database therefore blocking
those addresses.

Its simple, to not get published run secured machines.

I am surprised by your statment, but there is always someone who thinks they
have rights on the internet. Well when you access someone else machine on
the internet the owner of the machine being access has the right to protect
his machine. Remember the client at the other end has a free choice not to
access that host if they don't like it.

enough on this. This is an issue that clearly has 2 sides and both are right
to some degree so its a waste of time to debate it.

----- Original Message -----
From: <wmarti@TAMU.EDU>
To: <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
Sent: Sunday, November 04, 2001 10:07 AM
Subject: Re: ASP script to parse URLSCAN.log file and add to a database.

> Ok, I mostly lurk and learn, but this coupled with the "information
> anarchy" posts is a bit much.
> Two points:
> (1) the code below is useful;
> (2) publishing infected addresses is down-right irresponsible!!
>
> Michelle Erbeck <michelle@maedata.net> writes:
> > ... We use this
> > database to deny access to infected hosts thru code we place in a
global.asa
> > file.
> Good idea.
>
> > ... We also publish these addresses at
> > http://www.maedata.net/blacklist
> What possible good could this do besides telling bad guys about new
targets?
> Given the back doors installed with some of the Code Red / Nimda variants,
> this list just gives those systems to whomever.
>
> I tend to believe in full disclosure. Actions like this tend to discredit
> any argument that more information is always better.
>
> Cheers,
> Willis Marti
> Associate Director
> CIS Networking
>



Relevant Pages

  • Re: Can I use Publisher to create our University Catalog?
    ... ANd with the proper tools and skill set, ... a project of this sort is best handled via what's called "Database ... field Name: Desktop Publishing ... only once (keep notes while doing it in case you need to edit it later). ...
    (microsoft.public.publisher)
  • Re: Web Service + SqlConnection
    ... Try to get the SQL server on its IP address instead of the drive and don't ... Now I've added an SQL Database object Database.mdf into my project. ... Subsequent publishing, however, results in the same message. ... tabljic", conn); ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Adding Printers to AD
    ... You'd need an enormous database to ever need to worry about this. ... A group policy was put in place some time ago for not publishing printers to AD. ... The more objects placed in Active Directory the larger the database grows, which can cause greater chance of corruption b.. ... The larger the database the longer it takes for AD replication to complete. ...
    (microsoft.public.win2000.active_directory)
  • RE: xsdb does XML, SQL is dead as disco :) (oops)
    ... >the previous releases of xsdb. ... >Database queries over web distributed data: ... > Publishing a queriable collection of data ... > queries and query responses are represented ...
    (comp.lang.python)
  • Re: Architectural advice needed on client-side browser scripting
    ... can easily serialize a DataTable (in this case the INFORMATION_SCHEMA views ... easily parse that XML to load listboxes or arrays. ... on a database chosen parse it for all tables in this database ... list all tables in the chosen database as interactive interface ...
    (comp.lang.javascript)