Vulnerability Development mailing list archives
Re: Publishing Nimda Logs
From: hellNbak <hellnbak () nmrc org>
Date: Tue, 7 May 2002 13:18:30 -0400 (EDT)
What I did with my Nimda/Code Red logs and an unresponsive ISP was write up a script that copied the logs into a directory that is accessable from my web site then have an email generated and sent to the abuse@ contact at the ISP. At one point they were getting 20+ emails a day from me and finally asked me to stop. I told them that I refuse to stop until they dealt with their customers. This worked. The other amsuing/assholic thing I did was link the logs in txt format to www.mywebsite/stupidpeople/dummyoftheday.txt and let whomever wanted surf to my web site and see the logs.... On Tue, 7 May 2002, Deus, Attonbitus wrote:
Date: Tue, 07 May 2002 09:55:20 -0700 From: "Deus, Attonbitus" <Thor () HammerofGod com> To: vuln-dev () securityfocus com Subject: Publishing Nimda Logs -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is truly sad that so many people are still infected with Nimda. There is a company with my corporate ISP that I have notified 3 times now that they are attacking other systems. It seems they can't figure out how not to install Win2k/IIS5.0 while connected to the net. The sad thing is that this is a computer company. I have seen a site where people have published the IP of the offending boxes for stuff like Nimda and CR. I am thinking about doing the same thing so that people can either use that information to block the IP's or to do whatever they want for that matter. I'm curious to see how other feel about this. Is it: 1) Recommended. Go for it and publish the IP's and let the "Gods of IP" sort out the damage. 2) A Bad Thing. These are innocent victims, and you will just have them be attacked by evil people. 3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with it and ignore the logs. If "1," then I was thinking of going with a "Hall of Shame" and providing ARIN look ups, contacts, and the whole bit. I could even allow other people to post logs there and stuff like that... Input appreciated. AD -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPNgG94hsmyD15h5gEQI+igCg3plbeP+TLJcr71MfzkvHI+/t/dsAn2ve 83gug5UTKCYW+x4ZwNDPSTEE =P0lX -----END PGP SIGNATURE-----
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- "I don't intend to offend, I offend with my intent" hellNbak () nmrc org http://www.nmrc.org/~hellnbak -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Current thread:
- Re: Publishing Nimda Logs, (continued)
- Re: Publishing Nimda Logs Bernie Cosell (May 08)
- Re: Publishing Nimda Logs Pavel Lozhkin (May 08)
- Re: Publishing Nimda Logs Bernie Cosell (May 07)
- RE: Publishing Nimda Logs Tech Support (May 07)
- Re: Publishing Nimda Logs Blue Boar (May 07)
- Re: Publishing Nimda Logs Bernie Cosell (May 07)
- Re: Publishing Nimda Logs Erik Fichtner (May 07)
- Re: Publishing Nimda Logs Ron DuFresne (May 07)
- Re: Publishing Nimda Logs Lincoln Yeoh (May 08)
- RE: Publishing Nimda Logs Andy Wood (May 08)
- Re: Publishing Nimda Logs Nick Lange (May 08)