Re: ASP script to parse URLSCAN.log file and add to a database.

From: Michelle Erbeck (michelle@MAEDATA.NET)
Date: 11/05/01

Message-ID:  <006101c165bb$187512e0$>
Date:         Mon, 5 Nov 2001 00:26:52 -0500
From: Michelle Erbeck <michelle@MAEDATA.NET>
Subject:      Re: ASP script to parse URLSCAN.log file and add to a database.

its no different than MAPS publishing open relays. Not securing machines and
participating in code red and nimda propagation is ir-responsible. Admins at
least now have choice to block addresses. We occassionally send email to
ISP's to look for addresses they provide in the list so they can notify
customers who are infected.

In time we hope to automate the emailing process as well as incorporate a
capability to null route those addresses in the database therefore blocking
those addresses.

Its simple, to not get published run secured machines.

I am surprised by your statment, but there is always someone who thinks they
have rights on the internet. Well when you access someone else machine on
the internet the owner of the machine being access has the right to protect
his machine. Remember the client at the other end has a free choice not to
access that host if they don't like it.

enough on this. This is an issue that clearly has 2 sides and both are right
to some degree so its a waste of time to debate it.

----- Original Message -----
From: <wmarti@TAMU.EDU>
Sent: Sunday, November 04, 2001 10:07 AM
Subject: Re: ASP script to parse URLSCAN.log file and add to a database.

> Ok, I mostly lurk and learn, but this coupled with the "information
> anarchy" posts is a bit much.
> Two points:
> (1) the code below is useful;
> (2) publishing infected addresses is down-right irresponsible!!
> Michelle Erbeck <> writes:
> > ... We use this
> > database to deny access to infected hosts thru code we place in a
> > file.
> Good idea.
> > ... We also publish these addresses at
> >
> What possible good could this do besides telling bad guys about new
> Given the back doors installed with some of the Code Red / Nimda variants,
> this list just gives those systems to whomever.
> I tend to believe in full disclosure. Actions like this tend to discredit
> any argument that more information is always better.
> Cheers,
> Willis Marti
> Associate Director
> CIS Networking