AW: Publishing Nimda Logs

From: vogtat_private
Date: Wed May 08 2002 - 01:26:27 PDT

  • Next message: Edwards, David (JTS): "RE: netbuie.exe, and"

    >   I'm curious to see how other feel about this. Is it:
    >   1) Recommended. Go for it and publish the IP's and let the 
    > "Gods of IP"
    >   sort out the damage.
    >   2) A Bad Thing. These are innocent victims, and you will 
    > just have them be
    >   attacked by evil people.
    >   3) Boring. Who cares? It's Nimda, and an everyday part of 
    > life. Deal with
    >   it and ignore the logs.
    >   If "1," then I was thinking of going with a "Hall of Shame" 
    > and providing
    >   ARIN look ups, contacts, and the whole bit. I could even allow other
    >   people to post logs there and stuff like that...
    >   Input appreciated.
    We already have RBL, and I'm all for creating a new one not limited to
    Personally, I'd be more than happy to firewall out all the losers who are,
    a way, driving on the highway leaking fuel. if you can't keep your car in
    working condition, you shouldn't be on the highway for you are a danger not
    only to yourself.
    Now for a company, that is a little tougher. We don't want to deny our users
    parts of the internet. However, I do believe I can argue a strong case if
    list is well-kept and errs on the side of caution. IOW if I can make a case
    the list does considerably more good than damage, then I'm sure I can get my
    company to use it.
    One problem is that you can't really filter large chunks of individual IPs
    the border routers without investing in new hardware quickly. This will be
    of the problems this project needs to solve.
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Wed May 08 2002 - 09:21:35 PDT