Re: Publishing Nimda Logs

From: hellNbak (hellnbakat_private)
Date: Tue May 07 2002 - 10:18:30 PDT

Next message: Jonathan Bloomquist: "Re: Publishing Nimda Logs"

Previous message: hellNbak: "Re: Windows XP Raw Sockets tool?"
In reply to: Deus, Attonbitus: "Publishing Nimda Logs"
Next in thread: Jonathan Bloomquist: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

What I did with my Nimda/Code Red logs and an unresponsive ISP was write
up a script that copied the logs into a directory that is accessable from
my web site then have an email generated and sent to the abuse@ contact
at the ISP.  At one point they were getting 20+ emails a day from me and
finally asked me to stop.  I told them that I refuse to stop until they
dealt with their customers.  This worked.

The other amsuing/assholic thing I did was link the logs in txt format to
www.mywebsite/stupidpeople/dummyoftheday.txt and let whomever wanted surf
to my web site and see the logs....

On Tue, 7 May 2002, Deus, Attonbitus wrote:

> Date: Tue, 07 May 2002 09:55:20 -0700
> From: "Deus, Attonbitus" <Thorat_private>
> To: vuln-devat_private
> Subject: Publishing Nimda Logs
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>   It is truly sad that so many people are still infected with Nimda. There
>   is a company with my corporate ISP that I have notified 3 times now that
>   they are attacking other systems. It seems they can't figure out how not
>   to install Win2k/IIS5.0 while connected to the net. The sad thing is that
>   this is a computer company.
>
>   I have seen a site where people have published the IP of the offending
>   boxes for stuff like Nimda and CR. I am thinking about doing the same
>   thing so that people can either use that information to block the IP's or
>   to do whatever they want for that matter.
>
>   I'm curious to see how other feel about this. Is it:
>
>   1) Recommended. Go for it and publish the IP's and let the "Gods of IP"
>   sort out the damage.
>   2) A Bad Thing. These are innocent victims, and you will just have them be
>   attacked by evil people.
>   3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with
>   it and ignore the logs.
>
>   If "1," then I was thinking of going with a "Hall of Shame" and providing
>   ARIN look ups, contacts, and the whole bit. I could even allow other
>   people to post logs there and stuff like that...
>
>   Input appreciated.
>
>   AD
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
>
> iQA/AwUBPNgG94hsmyD15h5gEQI+igCg3plbeP+TLJcr71MfzkvHI+/t/dsAn2ve
> 83gug5UTKCYW+x4ZwNDPSTEE
> =P0lX
> -----END PGP SIGNATURE-----
>

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbakat_private
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Next message: Jonathan Bloomquist: "Re: Publishing Nimda Logs"
Previous message: hellNbak: "Re: Windows XP Raw Sockets tool?"
In reply to: Deus, Attonbitus: "Publishing Nimda Logs"
Next in thread: Jonathan Bloomquist: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 07 2002 - 13:04:43 PDT