Security Incidents mailing list archives
Re: Publishing Nimda Logs
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Wed, 8 May 2002 08:01:41 +0200 (CEST)
On Tue, 7 May 2002, Deus, Attonbitus wrote:
It is truly sad that so many people are still infected with Nimda. There is a company with my corporate ISP that I have notified 3 times now that they are attacking other systems. It seems they can't figure out how not to install Win2k/IIS5.0 while connected to the net. The sad thing is that this is a computer company.
Send a formal complaint to the ISP. It's their responsability as well as soon as you send a formal complaint. Send a formal complaint by snailmail to that company. Let them sign for receipt. Include logging and such and charge them with: - harrasment. - improper usage of you computer facilities. .....
I have seen a site where people have published the IP of the offending boxes for stuff like Nimda and CR. I am thinking about doing the same thing so that people can either use that information to block the IP's or to do whatever they want for that matter.
I display all seen nimda cases for several months now. (http://hvdkooij.xs4all.nl/logging.cms) I als run earlybird so the owner of the IP block that has an offending machine gets one warning per day informing them of their problem. I am under the impression that it has some impact. (Now ISP's and so will learn about infections within a minute after a machine in their netblock starts harrassing me.) Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Publishing Nimda Logs Deus, Attonbitus (May 07)
- Re: Publishing Nimda Logs Hugo van der Kooij (May 08)
- Re: Publishing Nimda Logs Glenn Forbes Fleming Larratt (May 08)
- Re: Publishing Nimda Logs Rainer Duffner (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- RE: Publishing Nimda Logs Steve Zenone (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs E (May 08)
- RE: Publishing Nimda Logs Benjamin Tomhave (May 08)
- Re: Publishing Nimda Logs John Kristoff (May 08)
- Re: Publishing Nimda Logs jlewis (May 08)
- <Possible follow-ups>
- Re: Publishing Nimda Logs Thomas Frerichs (May 08)
- Re: Publishing Nimda Logs Justin Shore (May 08)
(Thread continues...)