Vulnerability Development mailing list archives

Re: Publishing Nimda Logs


From: Boyd Lynn Gerber <gerberb () zenez com>
Date: Tue, 7 May 2002 21:46:17 -0600 (MDT)

On Tue, 7 May 2002, Deus, Attonbitus wrote:

  It is truly sad that so many people are still infected with Nimda. There
  is a company with my corporate ISP that I have notified 3 times now that
  they are attacking other systems. It seems they can't figure out how not
  to install Win2k/IIS5.0 while connected to the net. The sad thing is that
  this is a computer company.

  I have seen a site where people have published the IP of the offending
  boxes for stuff like Nimda and CR. I am thinking about doing the same
  thing so that people can either use that information to block the IPs or
  to do whatever they want for that matter.

  I'm curious to see how others feel about this. Is it:

  1) Recommended. Go for it and publish the IPs and let the "Gods of IP"
  sort out the damage.
  2) A Bad Thing. These are innocent victims, and you will just have them be
  attacked by evil people.
  3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with
  it and ignore the logs.

  If "1," then I was thinking of going with a "Hall of Shame" and providing
  ARIN look ups, contacts, and the whole bit. I could even allow other
  people to post logs there and stuff like that...

  Input appreciated.

The one problem is that ARIN is not up to date.  I have tried to get
information removed.  I was the owner of some IPs 8 years ago.  They have
been infected, removed the virus and gotten infected again.  Every time their
system gets messed up I get 30-50 emails telling me my machines are
infected and that I need to do something about them.  I have not had any
control for 8 years over these IPs.  I should not be responsible for them.
So the ARIN reports are totally bogus.  I am sure others may also have
this problem.

Thanks,

--
Boyd Gerber <gerberb () zenez com>
ZENEZ   3748 Valley Forge Road, Magna Utah  84044

