Happened, sorta. He was caught, convicted and imprisoned. See "A White hat goes to jail" at http://www.wired.com/news/culture/0,1284,44007,00.html "Healy, S. S., CTM2" wrote: > > I'm just waiting for the day where a sysadmin gets fed up with being scanned > by NIMDA and rewrites NIMDA to start patching the systems it infects. > > What would you call such a beast, a retro-virus or an anti-virus virus? > > -Steve- > > -----Original Message----- > From: Ron DuFresne [mailto:dufresneat_private] > Sent: Tuesday, May 07, 2002 6:48 PM > To: Chip McClure > Cc: Deus, Attonbitus; vuln-devat_private > Subject: Re: Publishing Nimda Logs > > I've also pretty much given up on trying to clue folks to nimda issues > they still have, same with code red variants which are still plentiful. > I've started to blackhole whol IP blocks due to this problem. Some > companies, even when notified of their systems compromise and their > being used to further attack other systems don't even take the time to > either investigate, nor repair such systems. We've taken to having to > block the whole netspace for many sites, such as the City of Ashland in > Oregon, (NETBLK-SPRINT-D00150-2) SPRINT-D00150-2 208.1.80.0 - > 208.1.83.255, whose systems are so infested with code-red and nimda > variants and who fail as well as Sprint, their upstream provider, in > taking any action about their systems attacks on others on the Internet > infamous highway. We tried to actually call and talk to their techs and > were rudely hung up on, this after over 6 months of notifications to them > and their upstream ISP Sprint. Although Jose Nazario does mention these > systems can be 0w3d after a publication of IP's of infected systems, I'm > at this point not caring if they get taken. They are a pain and further > spreading their problem as it is. I suspect many of these systems are at > least partially 0w3d and used as DDOS mechanisms already. The hame of > shame list should include the ISP's in question too, the upstreams have > been notified as well as the direct offender, most many times over many > months. Nothing else has worked... > > Thanks, > > Ron DuFresne -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566
This archive was generated by hypermail 2b30 : Wed May 08 2002 - 21:32:12 PDT