----- Original Message ----- From: "Technical Support" <bobat_private> To: "Jensenne Roculan" <jroculanat_private>; <incidentsat_private> Cc: <forensicsat_private>; <focus-idsat_private> Sent: Tuesday, September 18, 2001 1:24 PM Subject: WORM FORENSICS? > I feel that any server attacking another is fair game to publish data about it. > > Bob In some cases, you may have a point, however can you be sure that the IP from which you were attacked isn't just an unaware compromised host? I was hit numerous times with NIMDA today, all by hosts the admins of which most likely had no idea they were being used. I agree that they have a responsibility to patch their servers, but I don't think it's appropriate to post their IPs, perform directory listings, or read log files. Not only is it illegal, but it doesn't really accomplish much since you're attacking the wrong person. I do understand the feeling of being attacked, and I know it's really tempting to launch a counter attack, especially since so many of the boxes performing these attacks are wide open. This isn't meant to be confrontational, but I feel that it's an important point to make. Gabriel ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 20:02:18 PDT