What I did with my Nimda/Code Red logs and an unresponsive ISP was write
up a script that copied the logs into a directory that is accessible from
my web site then have an email generated and sent to the abuse@ contact at
the ISP. At one point they were getting 20+ emails a day from me and
finally asked me to stop. I told them that I refuse to stop until they
dealt with their customers. This worked.

The other amusing/assholic thing I did was link the logs in txt format to
www.mywebsite/stupidpeople/dummyoftheday.txt and let whomever wanted surf
to my web site and see the logs....

On Tue, 7 May 2002, Deus, Attonbitus wrote:

> Date: Tue, 07 May 2002 09:55:20 -0700
> From: "Deus, Attonbitus" <Thorat_private>
> To: vuln-devat_private
> Subject: Publishing Nimda Logs
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> It is truly sad that so many people are still infected with Nimda. There
> is a company with my corporate ISP that I have notified 3 times now that
> they are attacking other systems. It seems they can't figure out how not
> to install Win2k/IIS5.0 while connected to the net. The sad thing is that
> this is a computer company.
>
> I have seen a site where people have published the IP of the offending
> boxes for stuff like Nimda and CR. I am thinking about doing the same
> thing so that people can either use that information to block the IP's or
> to do whatever they want for that matter.
>
> I'm curious to see how others feel about this. Is it:
>
> 1) Recommended. Go for it and publish the IP's and let the "Gods of IP"
> sort out the damage.
> 2) A Bad Thing. These are innocent victims, and you will just have them be
> attacked by evil people.
> 3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with
> it and ignore the logs.
>
> If "1," then I was thinking of going with a "Hall of Shame" and providing
> ARIN look ups, contacts, and the whole bit. I could even allow other
> people to post logs there and stuff like that...
>
> Input appreciated.
>
> AD
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
>
> iQA/AwUBPNgG94hsmyD15h5gEQI+igCg3plbeP+TLJcr71MfzkvHI+/t/dsAn2ve
> 83gug5UTKCYW+x4ZwNDPSTEE
> =P0lX
> -----END PGP SIGNATURE-----
>

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"I don't intend to offend, I offend with my intent"

hellNbakat_private
http://www.nmrc.org/~hellnbak
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
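
The log-to-abuse-report step described in the reply above can be sketched as follows. This is an added example, not the poster's script: it assumes Common Log Format input, the sample lines and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Well-known request patterns left in web server logs by the two worms.
SIGNATURES = {
    "Code Red": re.compile(r"/default\.ida\?[NX]{20,}"),
    "Nimda": re.compile(r"(?:cmd|root)\.exe\?/c\+", re.I),
}
# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

# Constructed sample lines; addresses come from the documentation ranges.
SAMPLE = [
    '192.0.2.10 - - [07/May/2002:09:12:01 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 285',
    '192.0.2.10 - - [07/May/2002:09:12:02 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300',
    '198.51.100.7 - - [07/May/2002:09:30:44 -0700] "GET /default.ida?' + "N" * 224 + '%u9090%u6858 HTTP/1.0" 404 270',
    '203.0.113.5 - - [07/May/2002:09:31:00 -0700] "GET /index.html HTTP/1.0" 200 1024',
]

def classify(request):
    """Return the worm name whose signature matches the request, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(request):
            return name
    return None

def group_hits(lines):
    """Map source address -> list of (timestamp, worm, truncated request)."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not Common Log Format
        src, when, request, _status = m.groups()
        worm = classify(request)
        if worm:
            hits[src].append((when, worm, request[:60]))
    return dict(hits)

def abuse_report(src, events):
    """Build the plain-text evidence body for one source address."""
    worms = ", ".join(sorted({w for _, w, _ in events}))
    head = f"{len(events)} request(s) matching {worms} from {src}:"
    return "\n".join([head] + [f"  [{t}] {r}" for t, _, r in events])

if __name__ == "__main__":
    for src, events in sorted(group_hits(SAMPLE).items()):
        print(abuse_report(src, events), end="\n\n")
```

Grouping by source address yields one report per offending host, so each abuse contact receives only the evidence for its own customer.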
This archive was generated by hypermail 2b30 : Tue May 07 2002 - 13:04:43 PDT