Re: Publishing Nimda Logs

From: Justin Shore (macdaddyat_private)
Date: Wed May 08 2002 - 11:31:23 PDT

  • Next message: Jim Harrison (SPG): "RE: Publishing Nimda Logs - Summary"

    On 5/8/02 10:47 AM Mally Mclane said...
    >>>   I'm curious to see how other feel about this. Is it:
    >>>   1) Recommended. Go for it and publish the IP's and let the "Gods of IP"
    >>>      sort out the damage.
    >>>   2) A Bad Thing. These are innocent victims, and you will just have them
    >>>      be attacked by evil people.
    >>>   3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal
    >>>      with it and ignore the logs.
    >> If you have Apache No3 is the best option. ;-)
    >> Everything else, like building lists of vulnerable IPs can either be
    >> considered a "hobby" or will help script-kiddies and IRC-weenies build
    >> an army of zombies in the medium term.
    >> ARIN (+RIPE + APNIC + ...) information isn't very reliable anyway.
    >> There have been several threads about this.
    >> And if you've complained to SPAM before, you may already know this.
    >hrm, I have to disagree here.
    >9 times out of 10, if you want contact information, the RIPEdb will supply
    >*correct* contact information. And opsat_private will *always* try to help
    >you out if you don't get correct contact information.
    I've had pretty good luck with RIPE's data (although I do find it harder 
    to read and navigate than ARIN's.  I've had world's better luck with RIPE 
    that APNIC.  I don't think I've ever gotten useful information out of 
    APNIC.  In the course of reporting spam, I use whois a lot.  I never seem 
    to get anything out of APNIC that I can use (little things, like an abuse 
    contact---bah, who would ever need that!).
    Justin Shore, ES-SS ES-SSR      Pittsburg State University
    Network & Systems Manager       Kelce 157Q
    Office of Information Systems   Pittsburg, KS 66762
    Voice: (620) 235-4606           Fax: (620) 235-4545
    Warning:  This message has been quadruple Rot13'ed for your protection.
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Wed May 08 2002 - 15:35:13 PDT