nanog mailing list archives

Re: NSP-SEC

From: George Imburgia <nanog () armorfirewall com>
Date: Sat, 20 Mar 2010 16:47:42 -0500 (EST)



On Sat, 20 Mar 2010, Hank Nussbacher wrote:

How exactly would being transparent for the following help Internet security:
"I am seeing a new malware infection vector via port 91714 coming from the IPrange of 32.0.0.0/8 that installs a rootkit after visiting the web pagehttp://www.trythisoutnow.com/. In addition, it has credit card and pswdstealing capabilities and sends the details to a maildrop attrythisoutnow () gmail com"
The only upside of being transparent is alerting the miscreant to change thevector and maildrop.

I disagree. *All* of that information would be useful for configuringfilters at my border.



Cheers,
George
AD7RL

Current thread:

Re: NSP-SEC, (continued)
- - - Re: NSP-SEC Guillaume FORTAINE (Mar 23)
    - Re: NSP-SEC Valdis . Kletnieks (Mar 23)
    - Re: NSP-SEC Nick Hilliard (Mar 23)
    - Re: NSP-SEC Guillaume FORTAINE (Mar 20)
    - Re: NSP-SEC Sean Donelan (Mar 20)
    - Re: NSP-SEC Gadi Evron (Mar 20)
    - Re: NSP-SEC William Pitcock (Mar 20)
    - Re: NSP-SEC Guillaume FORTAINE (Mar 21)
    - Re: NSP-SEC Andrew D Kirch (Mar 21)
    - Re: NSP-SEC Sean Donelan (Mar 20)
    - Re: NSP-SEC George Imburgia (Mar 20)
- Re: NSP-SEC Valdis . Kletnieks (Mar 19)
  - Re: NSP-SEC James Bensley (Mar 21)
    - Re: NSP-SEC Rich Kulawiec (Mar 21)
    - RE: NSP-SEC Alex Lanstein (Mar 21)
    - Re: NSP-SEC Patrick W. Gilmore (Mar 21)
    - Re: NSP-SEC Lorand Jakab (Mar 22)
    - Re: NSP-SEC Valdis . Kletnieks (Mar 21)
    - Message not available
    - Re: NSP-SEC James Bensley (Mar 22)
- Re: NSP-SEC David Barak (Mar 19)
  - RE: NSP-SEC Adam Stasiniewicz (Mar 19)

(Thread continues...)