nanog mailing list archives
Re: scripts to map IP to AS?
From: "Johannes Ullrich" <jullrich () euclidian com>
Date: Thu, 20 Feb 2003 09:46:07 -0500
Then you'd better reach over to all of your upstream routers and just pull the plug, since you are likely to see Sapphire packets from here on in, on a regular basis.Better is to do the whois lookup and send pre-formatted e-mail about the infected server as people did after Code-Red.
We are doing that with the reports we get for DShield. However, in particular with consumer ISPs, there does not seem to be too much effort to notify infected customers. On the other hand, how hard is it for an ISP to monitor port 1434 and call up a customer whenever there is a 'flareup'? I think this would be the easiest way to get rid of this problem. I see that port 80 / code red is harder as it essentially requires content inspection. But Sapphire should be rather easy to detect by watching outbound traffic.
Current thread:
- scripts to map IP to AS? William Allen Simpson (Feb 20)
- Re: scripts to map IP to AS? Alif The Terrible (Feb 20)
- Re: scripts to map IP to AS? Hank Nussbacher (Feb 20)
- Re: scripts to map IP to AS? Johannes Ullrich (Feb 20)
- M$SQL cleanup incentives William Allen Simpson (Feb 20)
- Re: M$SQL cleanup incentives Iljitsch van Beijnum (Feb 20)
- Re: M$SQL cleanup incentives Valdis . Kletnieks (Feb 20)
- Re: M$SQL cleanup incentives William Allen Simpson (Feb 21)
- Re: M$SQL cleanup incentives John Kristoff (Feb 21)
- Re: M$SQL cleanup incentives Randy Bush (Feb 21)
- Re: scripts to map IP to AS? Hank Nussbacher (Feb 20)
- Re: M$SQL cleanup incentives Iljitsch van Beijnum (Feb 21)
- Re: M$SQL cleanup incentives Doug Clements (Feb 22)
- Re: M$SQL cleanup incentives William Allen Simpson (Feb 22)
- Re: M$SQL cleanup incentives Doug Clements (Feb 22)
- Re: scripts to map IP to AS? Alif The Terrible (Feb 20)