I am just curious as to why ANYONE thinks ANY ISP is going to cut off their life blood (their customers) just to appease someone who is not even being hacked (just probed).

Just curious because I have a friend who is VP of an ISP and he said any ISP who did that would be crazy. The person would get annoyed and take his business elsewhere.

Not to mention that most people are not accounting for dynamic IPs.

Finally, I would have to say that I don't think the ISPs have the resources or the desire to track down every single person infected with Code Red or Nimda.

My 2 cents (on the current market worth about .05)

Cheers,
Leon

-----Original Message-----
From: lorenzo [mailto:lorenzoat_private]
Sent: Wednesday, May 08, 2002 2:01 PM
To: vuln-devat_private
Subject: about disclosure of nimda logs

I agree with the fact that on those mailing lists there is a full disclosure of vulnerabilities; but let us not forget that there is usually a period of time left to the vendors to fix them.

So, why not allow a period of time after which the logs will be made public?

The question is: can the owner of the machine be contacted? If yes, then allow him 2 weeks. If not, let's say 3 weeks.

I'm saying '3 weeks' because sometimes people don't want to leave contact information, or their contact e-mails are too spammed - so it's not necessarily their fault if they cannot be contacted. But after 3 weeks I assume that every script kiddie in the world will have the machine's address, so publishing it won't affect the bandwidth too much.

Opinions?

--
lorenzo
lorenzoat_private

This archive was generated by hypermail 2b30 : Wed May 08 2002 - 22:30:42 PDT