Security Incidents mailing list archives
Re: Publishing Nimda Logs
From: John Kristoff <jtk () aharp is-net depaul edu>
Date: Wed, 8 May 2002 05:45:03 -0500
On Tue, May 07, 2002 at 09:56:28AM -0700, Deus, Attonbitus wrote:
I have seen a site where people have published the IP of the offending boxes for stuff like Nimda and CR. I am thinking about doing the same thing so that people can either use that information to block the IP's or to do whatever they want for that matter.
Since I was one who published a list of over ten thousand hosts infected with Code Red last summer to this list and others, I can give you some insight. Before I posted the list, I asked a few people if I should and only a couple said I shouldn't. However, after I posted it, no one sent me any hate mail. The emails I did receive were more of the "oh, geez, thanks, I'll fix those right away!" type. I think for some, they wouldn't have known about them unless some published the list. For others they may have simply missed them in their own logs or intrusion detection reports, but they pay attention to lists like this. Others, well as you say, they go up on the wall of shame. Those who don't fix them are only slightly worse off with your published list. Anyone with a web server can sit back and collect the same logs you're getting. Based on my experience, I'd say go for it. ...and I'll thank you in advance if you help my organization in finding a infected host on our network that we may have missed. John ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Publishing Nimda Logs Deus, Attonbitus (May 07)
- Re: Publishing Nimda Logs Hugo van der Kooij (May 08)
- Re: Publishing Nimda Logs Glenn Forbes Fleming Larratt (May 08)
- Re: Publishing Nimda Logs Rainer Duffner (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- RE: Publishing Nimda Logs Steve Zenone (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs E (May 08)
- RE: Publishing Nimda Logs Benjamin Tomhave (May 08)
- Re: Publishing Nimda Logs John Kristoff (May 08)
- Re: Publishing Nimda Logs jlewis (May 08)
- <Possible follow-ups>
- Re: Publishing Nimda Logs Thomas Frerichs (May 08)
- Re: Publishing Nimda Logs Justin Shore (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs Richard . Smith (May 08)
- Re: Publishing Nimda Logs Jay D. Dyson (May 09)