Re: Publishing Nimda Logs

From: Rainer Duffner (rainer@ultra-secure.de)
Date: Wed May 08 2002 - 01:28:40 PDT

Next message: E: "Re: Publishing Nimda Logs"

Previous message: Glenn Forbes Fleming Larratt: "Re: Publishing Nimda Logs"
In reply to: Deus, Attonbitus: "Publishing Nimda Logs"
Next in thread: Mally Mclane: "Re: Publishing Nimda Logs"
Next in thread: E: "Re: Publishing Nimda Logs"
Reply: Mally Mclane: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Deus, Attonbitus writes: 

>   It is truly sad that so many people are still infected with Nimda. 
>   There is a company with my corporate ISP that I have notified 3 times 
>   now that they are attacking other systems. It seems they can't figure 
>   out how not to install Win2k/IIS5.0 while connected to the net. 

That's hardly news, I'm afraid ;-) 

>   thing so that people can either use that information to block the IP's 
>   or  to do whatever they want for that matter.

The problem lies in the "whatever they want".
See this CNET-article http://news.com.com/2100-1001-899245.html
on the subject of "open" servers. 

>   I'm curious to see how other feel about this. Is it: 
> 
>   1) Recommended. Go for it and publish the IP's and let the "Gods of IP"
>      sort out the damage.
>   2) A Bad Thing. These are innocent victims, and you will just have them 
>      be attacked by evil people.
>   3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal 
>      with it and ignore the logs.

If you have Apache et.al. No3 is the best option. ;-) 

Everything else, like building lists of vulnerable IPs can either be 
considered a "hobby" or will help script-kiddies and IRC-weenies build
an army of zombies in the medium term. 

ARIN (+RIPE + APNIC + ...) information isn't very reliable anyway.
There have been several threads about this.
And if you've complained to SPAM before, you may already know this. 

As you mentioned, the company didn't really act on your complaints. 

If you really feel so bad about their network vs. your network, than 
blackhole them. 

cheers,
Rainer
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer@ultra-secure.de          Germany
http://www.i-duffner.de        Freising
========================================
    When shall we three meet again
  In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: E: "Re: Publishing Nimda Logs"
Previous message: Glenn Forbes Fleming Larratt: "Re: Publishing Nimda Logs"
In reply to: Deus, Attonbitus: "Publishing Nimda Logs"
Next in thread: Mally Mclane: "Re: Publishing Nimda Logs"
Next in thread: E: "Re: Publishing Nimda Logs"
Reply: Mally Mclane: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 08 2002 - 08:46:18 PDT