On Tue, May 07, 2002 at 12:53:13PM -0700, RSnake wrote:
> If telling them isn't working, tell their upstream.
> Get it patched, don't advertize the attacks to the world.

Obviously you haven't been reporting much in the way of Nimda scanning. Most upstreams don't care.

I'd have to vote for not publishing the list of machines. Go with something like Earlybird. (though, please, for the love of all things holy, don't use something that sends an email *every damn time* cmd.exe is attempted.. That's impolite.) If they don't fix it by the third time you see them, blackhole the IP forever.

It's really a shame we can't BGP RBL [1] all these /32's out of existence without completely collapsing BGP in the process. :/

There really needs to be some kind of global-Internet-death-penalty for hosts with systemic, long-term security problems caused by admins that can't or won't care otherwise.

(though, if you ask me, any netblock with an unresponsive administration staff should be completely blackholed. Just dump the AS on the floor until they get a clue *and keep it*. It's acceptable to have security problems these days, everyone has one eventually, but systemic problems caused by ISPs that are unwilling to step up and put an end to their security problems on a per-customer basis should not be allowed to route. period. okay. End rant. )

[1] or other actually technically feasible process, whatever it may be.

--
Erik Fichtner; Unix Ronin
http://www.obfuscation.org/techs/
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759
This archive was generated by hypermail 2b30 : Tue May 07 2002 - 16:53:56 PDT