| > I have seen a site where people have published the IP of the offending | > boxes for stuff like Nimda and CR. I am thinking about doing the same | > thing so that people can either use that information to block the IP's or | > to do whatever they want for that matter. | > | > I'm curious to see how other feel about this. Is it: | > | > 1) Recommended. Go for it and publish the IP's and let the "Gods of IP" | > sort out the damage. | | Yep. Go ahead. Anything that happens to these suckers who had | months and months to think about it and reinstall it some 150 times in a | row deserve any bad publicity they can get. And the old adage "there's no | such thing as bad advertising" is not allways true. This is a terrible idea. This isn't advertizing, it is creating an easy report to generate the largest denial of service platform the world has ever seen. There is nothing stopping me from using said scan to upload a "patch" to those servers and block access to others but retrain control myself. How does that solve anything? If telling them isn't working, tell their upstream. Get it patched, don't advertize the attacks to the world. I shouldn't have to tell the people on this list why publishing information that might aid in breaking into national infrastructure could be construed as a very bad thing to some congressman. My vote is a huge no. This has already been discussed amongst some very large companies in Silicon Valley, and the concensus was it is causing way more harm than good by publishing that information. | > 2) A Bad Thing. These are innocent victims, and you will just have them be | > attacked by evil people. | | People with infected servers will almost certainly be warned, if | not lots of times, at least once. So, as long as they are sitting ducks | ignoring people's warnings, they are the evil people. We, that have to | bear with their atacks are the innocent victims. I am not ashamed to say I was infected by a virus, and I was not warned by anyone. I eventually did a netstat in cygwin and found it myself. This is a bad assumption. | > 3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with | > it and ignore the logs. | | So is muggling, robbing and raping. But we dont have to ignore it. Agreed, let's not ignore it. Inform ISPs and individuals that are affected. Don't publish it to the world. This isn't like the open source movement publishing a vulnerability. We are talking about individual and corporate security. | > If "1," then I was thinking of going with a "Hall of Shame" and providing | > ARIN look ups, contacts, and the whole bit. I could even allow other | > people to post logs there and stuff like that... | | Great idea. If i can help in any way... I can't stress more what a bad idea this is. RRrRRRr. | RSnake at shocking dot com 0x7A69 RR' `RR | EHAP Founder / WebFringe.com Founder RR | He who made kittens put snakes in the grass. RR | DSS:5923 76D7 0EC2 4553 7195 442B 8596 4849 2AA6 1F64 The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is expressly prohibited and may be unlawful.
This archive was generated by hypermail 2b30 : Tue May 07 2002 - 13:37:31 PDT