Re: Publishing Nimda Logs

From: Jose Nazario (joseat_private)
Date: Tue May 07 2002 - 10:43:58 PDT

Next message: mlafonat_private: "Re: Publishing Nimda Logs"

Previous message: Luis Pinto: "Re: Publishing Nimda Logs"
In reply to: Deus, Attonbitus: "Publishing Nimda Logs"
Next in thread: mlafonat_private: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 7 May 2002, Deus, Attonbitus wrote:

>   Input appreciated.

this is significantly worse than you may realize. since they all have an
effective back door, its very easy to walk around and pick them up for a
DDoS attack. you'd literally be handing them to people. granted all one
has to do is listen for nimda/CR/CR2 scans and you have a good chunk ready
to run with. however, your actions would explicitely enable and assist
this.

i highly suggest you don't do this. i suggest instead you attempt to work
with CERT and other organizations through a group like FIRST to try and
clean this up.

___________________________
jose nazario, ph.d.			joseat_private
					http://www.monkey.org/~jose/

Next message: mlafonat_private: "Re: Publishing Nimda Logs"
Previous message: Luis Pinto: "Re: Publishing Nimda Logs"
In reply to: Deus, Attonbitus: "Publishing Nimda Logs"
Next in thread: mlafonat_private: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 07 2002 - 12:45:02 PDT