Re: disinfection tool

From: Homer Wilson Smith (homerat_private)
Date: Mon Aug 06 2001 - 12:43:32 PDT

Next message: Jay D. Dyson: "Re: How to obtain a complete list of CR2 compromised hosts"

Previous message: Doug.Barbinat_private: "RE: Method to Clean up IIS servers hit by CRv2"
In reply to: Alfred Huger: "Re: disinfection tool"
Next in thread: Ryan Russell: "Re: disinfection tool"
Next in thread: Rob McCauley: "RE: disinfection tool"
Reply: Ryan Russell: "Re: disinfection tool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> While someone may decide to do this the more likely scenario is that ISPs
> will start black holing infected IP addresses the same way they do with
> SPAM.

    Yep.  We got one on a DHCP'd IP, they would have to block the
whole Class C to get rid of him.

    How does one easily track down a mac address through a maze
of Cisco 1900 switches to find the port number that has the machine
on it, if you know the mac address?

    Doing it by hand is painful.

    Thanks  Homer


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Jay D. Dyson: "Re: How to obtain a complete list of CR2 compromised hosts"
Previous message: Doug.Barbinat_private: "RE: Method to Clean up IIS servers hit by CRv2"
In reply to: Alfred Huger: "Re: disinfection tool"
Next in thread: Ryan Russell: "Re: disinfection tool"
Next in thread: Rob McCauley: "RE: disinfection tool"
Reply: Ryan Russell: "Re: disinfection tool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 13:17:11 PDT