Publishing Nimda Logs
From: Deus, Attonbitus (Thor@HammerofGod.com)Date: 05/07/02
- Previous message: Rainer Duffner: "Re: netbuie.exe, scorpionsearch.com and fastcounter.bcentral.com"
- Next in thread: Hugo van der Kooij: "Re: Publishing Nimda Logs"
- Reply: Hugo van der Kooij: "Re: Publishing Nimda Logs"
- Reply: Glenn Forbes Fleming Larratt: "Re: Publishing Nimda Logs"
- Reply: Rainer Duffner: "Re: Publishing Nimda Logs"
- Reply: E: "Re: Publishing Nimda Logs"
- Reply: John Kristoff: "Re: Publishing Nimda Logs"
- Reply: jlewis@lewis.org: "Re: Publishing Nimda Logs"
- Reply: Richard.Smith@predictive.com: "Re: Publishing Nimda Logs"
- Reply: Thomas Frerichs: "Re: Publishing Nimda Logs"
- Reply: Mally Mclane: "Re: Publishing Nimda Logs"
- Reply: Justin Shore: "Re: Publishing Nimda Logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 07 May 2002 09:56:28 -0700 To: INCIDENTS@SECURITYFOCUS.COM From: "Deus, Attonbitus" <Thor@HammerofGod.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It is truly sad that so many people are still infected with Nimda. There
is a company with my corporate ISP that I have notified 3 times now that
they are attacking other systems. It seems they can't figure out how not
to install Win2k/IIS5.0 while connected to the net. The sad thing is that
this is a computer company.
I have seen a site where people have published the IP of the offending
boxes for stuff like Nimda and CR. I am thinking about doing the same
thing so that people can either use that information to block the IP's or
to do whatever they want for that matter.
I'm curious to see how other feel about this. Is it:
1) Recommended. Go for it and publish the IP's and let the "Gods of IP"
sort out the damage.
2) A Bad Thing. These are innocent victims, and you will just have them be
attacked by evil people.
3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with
it and ignore the logs.
If "1," then I was thinking of going with a "Hall of Shame" and providing
ARIN look ups, contacts, and the whole bit. I could even allow other
people to post logs there and stuff like that...
Input appreciated.
AD
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPNgHPIhsmyD15h5gEQLsWACZASlsx6Wew0YfTHAzIHxotQYAdkAAoIoV
VSob5Hcw7X9DDzDxNUzXftdm
=Xv5m
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Rainer Duffner: "Re: netbuie.exe, scorpionsearch.com and fastcounter.bcentral.com"
- Next in thread: Hugo van der Kooij: "Re: Publishing Nimda Logs"
- Reply: Hugo van der Kooij: "Re: Publishing Nimda Logs"
- Reply: Glenn Forbes Fleming Larratt: "Re: Publishing Nimda Logs"
- Reply: Rainer Duffner: "Re: Publishing Nimda Logs"
- Reply: E: "Re: Publishing Nimda Logs"
- Reply: John Kristoff: "Re: Publishing Nimda Logs"
- Reply: jlewis@lewis.org: "Re: Publishing Nimda Logs"
- Reply: Richard.Smith@predictive.com: "Re: Publishing Nimda Logs"
- Reply: Thomas Frerichs: "Re: Publishing Nimda Logs"
- Reply: Mally Mclane: "Re: Publishing Nimda Logs"
- Reply: Justin Shore: "Re: Publishing Nimda Logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
