On Wed, 8 May 2002 brossiniat_private wrote: > It would, however, be pretty niave of us to think that attackers > couldn't find lists of infected machines by other means. so the issue isn't "attackers can't get this info by other means". it's that the quanitity of information would be greatly enhanced by this kind of action, publishing logs. i have lists from networks i sit on, including my cable modem's network. moderatly saavy attacks do, too. there is no reason, though, why someone should help them get an order of magnitude more hosts. that's the issue, that in publishing these logs you are explicitely helping any attackers gather this info. ___________________________ jose nazario, ph.d. joseat_private http://www.monkey.org/~jose/
This archive was generated by hypermail 2b30 : Wed May 08 2002 - 14:18:51 PDT