RE: drone armies C&C report - July/2005

["Christopher L. Morrow" <christopher.morrow () mci com>]

On Mon, 15 Aug 2005, MARLON BORBA wrote:

> Going further I think IL-CERT is doing a great service to the Internet
> community. Their alerts allow to responsible network admins to

I don't think anyone disputed the 'good work'. The dispute, as often is
the case with these sorts of reports, is 'where did the data come from and
how much can I get to send along to my customer who is the real problem in
this case?'

> investigate and to preserve their networks clean of debris like spyware
> and trojans.

'investigation' often ends with: "this is customer 12, tell them to fix
it" which means sending down logs/info/help/blah to get customer 12 to
understand and believe there is a problem. :(

> Do what you want with your networks, but PLEASE keep the Internet clean.

Sure thing, note the coming shutdown for vaccuuming up the old/stale/lost
packets please.

> Abraços,
> Marlon Borba, CISSP.
> --
> Nova campanha:
> Centro de Resposta a Incidentes de
> Segurança da Justiça Federal - Vamos criar!
> --
> > > > "Hannigan, Martin" <hannigan () verisign com> 08/15/05 6:05 PM >>>
>
>
> The question of self promotion came back split down
> the middle.
>
> It was noted that IL CERT does a fantastic job seeing that
> there are no IL networks listed. Or none that are easily
> identifiable.
> [...]