Security Incidents mailing list archives

AW: Publishing Nimda Logs


From: vogt () hansenet com
Date: Wed, 8 May 2002 10:26:27 +0200

  I'm curious to see how others feel about this. Is it:

  1) Recommended. Go for it and publish the IP's and let the "Gods of IP"
  sort out the damage.
  2) A Bad Thing. These are innocent victims, and you will just have them be
  attacked by evil people.
  3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with
  it and ignore the logs.

  If "1," then I was thinking of going with a "Hall of Shame" and providing
  ARIN look ups, contacts, and the whole bit. I could even allow other
  people to post logs there and stuff like that...

  Input appreciated.

We already have RBL, and I'm all for creating a new one not limited to
e-mail.
Personally, I'd be more than happy to firewall out all the losers who are,
in a way, driving on the highway leaking fuel. If you can't keep your car in
working condition, you shouldn't be on the highway for you are a danger not
only to yourself.

Now for a company, that is a little tougher. We don't want to deny our users
parts of the internet. However, I do believe I can argue a strong case if
the list is well-kept and errs on the side of caution. IOW if I can make a
case that the list does considerably more good than damage, then I'm sure I
can get my company to use it.

One problem is that you can't really filter large chunks of individual IPs
on the border routers without investing in new hardware quickly. This will
be one of the problems this project needs to solve.

