Re: Publishing Nimda Logs

From: Chip McClure (vhm3at_private)
Date: Tue May 07 2002 - 10:13:45 PDT

Next message: hellNbak: "Re: Windows XP Raw Sockets tool?"

Previous message: mlafonat_private: "Re: Publishing Nimda Logs"
In reply to: Deus, Attonbitus: "Publishing Nimda Logs"
Next in thread: Ron DuFresne: "Re: Publishing Nimda Logs"
Next in thread: hellNbak: "Re: Publishing Nimda Logs"
Reply: Ron DuFresne: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I vote for option #1.

I've gone pretty much the same route as you have, and I might as well have
been talking to a wall. Notified ISP's, and where possible, the
individuals themselves - nothing has been done about it. I still get quite
a number of Nimda probes per day, not only on my home system, but also
that of my data center servers. It gets highly annoying, to see that
people, and also corporations do not patch their systems. Whether this is
through ignorance, or lack of knowledge - they have to be held accountable
for their actions. Enough warnings by 90% of the ISP's, Microsoft, and
numerous others, on how to disable IIS, patch it or do whatever. The
knowledge, and ability is definitley there to take care of the problem.

Chip

- -----
Chip McClure
Sr. Unix Administrator
GigGuardian, Inc.

http://www.gigguardian.com/
- -----

On Tue, 7 May 2002, Deus, Attonbitus wrote:

>
>
>   It is truly sad that so many people are still infected with Nimda. There
>   is a company with my corporate ISP that I have notified 3 times now that
>   they are attacking other systems. It seems they can't figure out how not
>   to install Win2k/IIS5.0 while connected to the net. The sad thing is that
>   this is a computer company.
>
>   I have seen a site where people have published the IP of the offending
>   boxes for stuff like Nimda and CR. I am thinking about doing the same
>   thing so that people can either use that information to block the IP's or
>   to do whatever they want for that matter.
>
>   I'm curious to see how other feel about this. Is it:
>
>   1) Recommended. Go for it and publish the IP's and let the "Gods of IP"
>   sort out the damage.
>   2) A Bad Thing. These are innocent victims, and you will just have them be
>   attacked by evil people.
>   3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with
>   it and ignore the logs.
>
>   If "1," then I was thinking of going with a "Hall of Shame" and providing
>   ARIN look ups, contacts, and the whole bit. I could even allow other
>   people to post logs there and stuff like that...
>
>   Input appreciated.
>
>   AD
>
>

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.76

iQA/AwUBPNgLTJuKtP8CSC69EQK3iACfdq4BP2OVZeuyqIKgcF1xkgff92oAoIdc
XtZOObYa8BuKLa8IESKM0+oW
=spj0
-----END PGP SIGNATURE-----

Next message: hellNbak: "Re: Windows XP Raw Sockets tool?"
Previous message: mlafonat_private: "Re: Publishing Nimda Logs"
In reply to: Deus, Attonbitus: "Publishing Nimda Logs"
Next in thread: Ron DuFresne: "Re: Publishing Nimda Logs"
Next in thread: hellNbak: "Re: Publishing Nimda Logs"
Reply: Ron DuFresne: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 07 2002 - 12:56:38 PDT