Re: Publishing Nimda Logs

[warchild () spoofed org]

>   1) Recommended. Go for it and publish the IP's and let the "Gods of IP"
>   sort out the damage.

I can easily overlook the potential for negative impact resulting from such
a list.  What about a log of all correspondence between you and
(supposedly) responsible parties?  Proof that providers are acting
irresponsibly could have a larger impact.  Personally, every email that I
send to my provider is hand crafted.  I occassionally even make references
to previous emails.  This tends to imply "I've told you about this before,
and its happening again. Why?"
 

>   2) A Bad Thing. These are innocent victims, and you will just have them be
>   attacked by evil people.

As shown by all the replies to this message so far, it is pretty clear that
publishing such a list has *potential* for negative impact.  Are the risks
involved with publishing such a list greater than getting an ISP to
act responsibly, be a proper netizen, and in general, run a tight ship?  I
think not.

 
>   3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with
>   it and ignore the logs.

To contradict myself, what if these machines stay online and remain
vulnerable?  It is only a matter of time before they become merely an
annoyance in your web logs.   

If acting responsibly and reporting abuse to providers isn't working (and
it sure as hell hasn't worked for me), a more aggressive course of action
is needed.  I know what my choice is.

for what its worth,

-jon