Vulnerability Development mailing list archives

RE: about disclosure of nimda logs


From: "leon" <leon.inyc () verizon net>
Date: Wed, 8 May 2002 22:41:34 -0400

I am just curious as to why ANYONE thinks ANY ISP is going to cut off
their life blood (their customers) just to appease someone who is not
even being hacked (just probed).

Just curious because I have a friend who is VP of an ISP and he said any
ISP who did that would be crazy.  The person would get annoyed and take
his business elsewhere.  Not to mention that most people are not
accounting for dynamic IPs.  Finally, I would have to say that I don't
think the ISPs have the resources or the desire to track down every
single person infected with Code Red or Nimda.

My 2 cents (on the current market worth about .05)

Cheers,

Leon

-----Original Message-----
From: lorenzo [mailto:lorenzo () digitalmind it] 
Sent: Wednesday, May 08, 2002 2:01 PM
To: vuln-dev () securityfocus com
Subject: about disclosure of nimda logs

I agree with the fact that on those mailing lists there is a full
disclosure of vulnerabilities; but let us not forget that there is
usually a period of time left to the vendors to fix them.

So, why not allow a period of time after which the logs will be made
public?

The question is: can the owner of the machine be contacted?
If yes, then allow him 2 weeks.
If not, let's say 3 weeks.

I'm saying '3 weeks' because sometimes people don't want to leave
contact information, or their contact e-mails are too spammed - so it's
not necessarily their fault if they cannot be contacted.
But after 3 weeks I assume that every script kiddie in the world will
have the machine's address, so publishing it won't affect the bandwidth
too much.

Opinions?

-- 

lorenzo
lorenzo () digitalmind it


