Security Incidents mailing list archives
AW: Publishing Nimda Logs
From: vogt () hansenet com
Date: Wed, 8 May 2002 10:26:27 +0200
I'm curious to see how others feel about this. Is it:
1) Recommended. Go for it and publish the IPs and let the "Gods of IP" sort out the damage.
2) A Bad Thing. These are innocent victims, and you will just have them be attacked by evil people.
3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with it and ignore the logs.
If "1," then I was thinking of going with a "Hall of Shame" and providing ARIN lookups, contacts, and the whole bit. I could even allow other people to post logs there and stuff like that... Input appreciated.
We already have RBL, and I'm all for creating a new one not limited to e-mail. Personally, I'd be more than happy to firewall out all the losers who are, in a way, driving on the highway leaking fuel. If you can't keep your car in working condition, you shouldn't be on the highway, for you are a danger not only to yourself.
Now for a company, that is a little tougher. We don't want to deny our users parts of the internet. However, I do believe I can argue a strong case if the list is well-kept and errs on the side of caution. IOW, if I can make a case that the list does considerably more good than damage, then I'm sure I can get my company to use it.
One problem is that you can't really filter large chunks of individual IPs on the border routers without investing in new hardware quickly. This will be one of the problems this project needs to solve.