RE: Publishing Nimda Logs

From: Jose Nazario (joseat_private)
Date: Wed May 08 2002 - 10:56:00 PDT

    On Wed, 8 May 2002 brossiniat_private wrote:
    
    > It would, however, be pretty naive of us to think that attackers
    > couldn't find lists of infected machines by other means.
    
    so the issue isn't "attackers can't get this info by other means". it's
    that the quantity of information would be greatly enhanced by this kind
    of action, publishing logs.
    
    i have lists from networks i sit on, including my cable modem's network.
    moderately savvy attackers do, too. there is no reason, though, why someone
    should help them get an order of magnitude more hosts.
    
    that's the issue, that in publishing these logs you are explicitly
    helping any attackers gather this info.
    
    ___________________________
    jose nazario, ph.d.			joseat_private
    					http://www.monkey.org/~jose/
    


