Kev wrote: > Unfortunately, all the world's not the USA (much to the chagrin of many > of my fellow citizens, it seems). Also, there are many, many, many > clueless admins out there; anybody that has to deal with script kiddies > knows just how often Korean (for instance) hosts are broken into and used > for all sorts of nefarious purposes. 90% of the time, I'm unable to even > report spam to the open relays in that country, because not only is > postmaster@ not even present, the contacts listed in whois.nic.or.kr just > point into never-never land. I fear we will never see the end of this > particular problem :/ > I know what you mean. I had to deal with lots of attacks & probes from *ac.kr myself. I think a long time ago there was a discussion on incidents@ (I think, I'm not sure) suggesting to create router ACL's with korean/offending IP numbers to block them completely from the Internet (similar to e-mail anti-spam lists). But then again, that defeats the purpose of the internet (to communicate around the world). As long as admins aren't educated and made aware of these problems, it's not going to change at all. But I'm not completely sure if infecting systems with a counter-worm is the solution either. Like some people already pointed out, it does consume lots of bandwidth, sets off IDSs, and irritates people who have Apache servers, whose logs get clogged up by these obsolete requests. Code Red is going to die out sometime eventually, just like Melissa did...so I'm not worried about it much. Cheers -- Emre Yildirim <emreat_private> GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 17:03:45 PDT