nanog mailing list archives

Re: Sobig.f surprise attack today

From: Dan Hollis <goemon () anime net>
Date: Thu, 28 Aug 2003 12:54:54 -0700 (PDT)


On Thu, 28 Aug 2003, Owen DeLong wrote:

Alternatively, perhaps we could, instead, publish an INFECTED SYSTEMS 
blacklist
based on such connections to a honeypot.  Any system which made the correct
request could then have it's address published via BGP or DNS for ISPs and
the like to do as they wish.


an infected host dnsrbl doesnt sound like a bad idea...

-Dan
-- 
[-] Omae no subete no kichi wa ore no mono da. [-]

Current thread:

RE: Sobig.f surprise attack today, (continued)
- - - RE: Sobig.f surprise attack today Stephen J. Wilcox (Aug 22)
    - Re: Sobig.f surprise attack today Andrew Kerr (Aug 22)
    - Re: Sobig.f surprise attack today Jay Hennigan (Aug 22)
    - Re: Sobig.f surprise attack today Andrew Kerr (Aug 22)
    - Re: Sobig.f surprise attack today Petri Helenius (Aug 22)
- Re: Sobig.f surprise attack today Owen DeLong (Aug 22)
  - Re: Sobig.f surprise attack today Jay Hennigan (Aug 22)
  - Message not available
    - Re: Sobig.f surprise attack today Owen DeLong (Aug 22)
    - Re: Sobig.f surprise attack today Doug Barton (Aug 22)
    - Re: Sobig.f surprise attack today Owen DeLong (Aug 28)
    - Re: Sobig.f surprise attack today Dan Hollis (Aug 28)
    - Re: Sobig.f surprise attack today Mike Tancsa (Aug 28)
    - Re: Sobig.f surprise attack today Petri Helenius (Aug 28)
    - Re: Sobig.f surprise attack today Mike Tancsa (Aug 28)
    - Re: Sobig.f surprise attack today Patrick Muldoon (Aug 28)
    - Re: Sobig.f surprise attack today Damian Gerow (Aug 28)
    - Re: Sobig.f surprise attack today Petri Helenius (Aug 28)
    - Re: Sobig.f surprise attack today Mike Tancsa (Aug 28)
- RE: Sobig.f surprise attack today Matthew Kaufman (Aug 22)
- RE: Sobig.f surprise attack today Vachon, Scott (Aug 22)
  - Re: Sobig.f surprise attack today steve uurtamo (Aug 22)

(Thread continues...)