Re: Publishing Nimda Logs

From: Justin Shore (macdaddyat_private)
Date: Wed May 08 2002 - 11:31:23 PDT

Next message: Jim Harrison (SPG): "RE: Publishing Nimda Logs - Summary"

Previous message: Dug Song: "Re: Nimda Infections and code red resurgence"
Maybe in reply to: Deus, Attonbitus: "Publishing Nimda Logs"
Next in thread: Mally Mclane: "Re: Publishing Nimda Logs"
Reply: Mally Mclane: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/8/02 10:47 AM Mally Mclane said...

>>>   I'm curious to see how other feel about this. Is it:
>>> 
>>>   1) Recommended. Go for it and publish the IP's and let the "Gods of IP"
>>>      sort out the damage.
>>>   2) A Bad Thing. These are innocent victims, and you will just have them
>>>      be attacked by evil people.
>>>   3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal
>>>      with it and ignore the logs.
>> 
>> 
>> If you have Apache et.al. No3 is the best option. ;-)
>> 
>> Everything else, like building lists of vulnerable IPs can either be
>> considered a "hobby" or will help script-kiddies and IRC-weenies build
>> an army of zombies in the medium term.
>> 
>> ARIN (+RIPE + APNIC + ...) information isn't very reliable anyway.
>> There have been several threads about this.
>> And if you've complained to SPAM before, you may already know this.
>
>hrm, I have to disagree here.
>
>9 times out of 10, if you want contact information, the RIPEdb will supply
>*correct* contact information. And opsat_private will *always* try to help
>you out if you don't get correct contact information.

I've had pretty good luck with RIPE's data (although I do find it harder 
to read and navigate than ARIN's.  I've had world's better luck with RIPE 
that APNIC.  I don't think I've ever gotten useful information out of 
APNIC.  In the course of reporting spam, I use whois a lot.  I never seem 
to get anything out of APNIC that I can use (little things, like an abuse 
contact---bah, who would ever need that!).

Justin


--
Justin Shore, ES-SS ES-SSR      Pittsburg State University
Network & Systems Manager       Kelce 157Q
Office of Information Systems   Pittsburg, KS 66762
Voice: (620) 235-4606           Fax: (620) 235-4545
http://www.pittstate.edu/ois/

Warning:  This message has been quadruple Rot13'ed for your protection.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Jim Harrison (SPG): "RE: Publishing Nimda Logs - Summary"
Previous message: Dug Song: "Re: Nimda Infections and code red resurgence"
Maybe in reply to: Deus, Attonbitus: "Publishing Nimda Logs"
Next in thread: Mally Mclane: "Re: Publishing Nimda Logs"
Reply: Mally Mclane: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 08 2002 - 15:35:13 PDT