Re: Publishing Nimda Logs

From: Pavel Lozhkin (pavelat_private)
Date: Wed May 08 2002 - 06:20:24 PDT

Next message: Laurence Brockman: "Re: Publishing Nimda Logs"

Previous message: Andy Wood: "RE: Publishing Nimda Logs"
In reply to: Johannes B. Ullrich: "Re: Publishing Nimda Logs"
Next in thread: Bernie Cosell: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> At the very least, they do have your billing address ;-).
> 
> I send about 1000+ notifications a day from DShield. Sure,
> most of them trigger autoreplies. But I find, that some
> ISPs do appear to takes some action. (scans stop... maybe
> they just change the IP of the scanner).
> 
> I usually get better responses from smaller ISPs and Universities.
> Non-auto responses from large ISPs are an exception.

I believe there is only one way to stop the Nimda and other similar
viruses - to stop them on all firewalls (Cisco can do that for example)
on transit. And write autocomplainer (as i did and do) which will notify
ISPs about the activity. This can be useful for them.

-- 
Pavel
Cheif Information Security Officer

Next message: Laurence Brockman: "Re: Publishing Nimda Logs"
Previous message: Andy Wood: "RE: Publishing Nimda Logs"
In reply to: Johannes B. Ullrich: "Re: Publishing Nimda Logs"
Next in thread: Bernie Cosell: "Re: Publishing Nimda Logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 08 2002 - 13:10:40 PDT