Snort mailing list archives
Re: A case of beer on 63.204.135.168
From: dr.kaos <dr.kaos () kaos to>
Date: Fri, 22 Feb 2002 19:26:08 -0500
On Friday 22 February 2002 07:04 pm, John Sage wrote:
> I used to feel the same, back in November, maybe, but it's late February 2002 and the incessant rain of Code Red/Nimda probes continues unrelenting.
>
> My personal opinion about all the infected boxes that are clearly utterly unmaintained by anyone is: "Screw 'em"
>
> I mean, these clowns are not paying a bit of attention to what they're doing, and they're ignorant to the fact that their boxes are still attempting to infect other clueless idiots^H^H^H^H^H^H people's boxes.
>
> Off with their heads!
Fair enough. And for the most part, I agree with you and Jeff both... however, since I do this for a living, I have to stand behind what I preach. Surprisingly, there are still a large number of well-known commercial organizations like [name-removed] with security admins as clueless as our unsuspecting home IIS user.

Problem is, if we post their names and IPs to the masses, we are in fact contributing to the possibility that their boxes will generate _more_ noise in our logs because of the increased probability that these infected hosts will be found.

For instance, in Jeff's earlier post, he mentioned an open relay on port 25 of the host he scanned. Anyone want to bet that someone saw that in the post and uses the IP specified as a spam relay? I'm betting there's a pretty good chance. And that just means more spam for you and me to killfile.

I agree, off with their heads! But... I think the best way to decapitate them is to let their ISPs know about the problem so the ISPs can take them offline till the problem is resolved. Then no more codered, no more nimda, and no more spam, at least from _one_ IP...

./dr.k