Re: Publishing Nimda Logs

From: Hugo van der Kooij (hvdkooijat_private)
Date: Tue May 07 2002 - 23:01:41 PDT


    On Tue, 7 May 2002, Deus, Attonbitus wrote:
    >   It is truly sad that so many people are still infected with Nimda. There
    >   is a company with my corporate ISP that I have notified 3 times now that
    >   they are attacking other systems. It seems they can't figure out how not
    >   to install Win2k/IIS5.0 while connected to the net. The sad thing is that
    >   this is a computer company.
    Send a formal complaint to the ISP. It's their responsibility as well as
    soon as you send a formal complaint. Send a formal complaint by
    snailmail to that company. Let them sign for receipt.
    Include logging and such and charge them with:
     - harassment.
     - improper usage of your computer facilities.
    >   I have seen a site where people have published the IP of the offending
    >   boxes for stuff like Nimda and CR. I am thinking about doing the same
    >   thing so that people can either use that information to block the IP's or
    >   to do whatever they want for that matter.
    I have displayed all seen Nimda cases for several months now.
    I also run earlybird so the owner of the IP block that has an offending
    machine gets one warning per day informing them of their problem.
    I am under the impression that it has some impact. (Now ISPs and so will
    learn about infections within a minute after a machine in their netblock
    starts harassing me.)
    All email sent to me is bound to the rules described on my homepage.
    	    Don't meddle in the affairs of sysadmins,
    	    for they are subtle and quick to anger.
    This list is provided by the SecurityFocus ARIS analyzer service.

    This archive was generated by hypermail 2b30 : Wed May 08 2002 - 08:28:02 PDT