Vulnerability Development mailing list archives
RE: Publishing Nimda Logs
From: "Healy, S. S., CTM2" <sshealy () nsgasg navy mil>
Date: Wed, 8 May 2002 10:01:28 -0400
I'm just waiting for the day where a sysadmin gets fed up with being scanned by NIMDA and rewrites NIMDA to start patching the systems it infects. What would you call such a beast, a retro-virus or an anti-virus virus?

-Steve-

-----Original Message-----
From: Ron DuFresne [mailto:dufresne () winternet com]
Sent: Tuesday, May 07, 2002 6:48 PM
To: Chip McClure
Cc: Deus, Attonbitus; vuln-dev () securityfocus com
Subject: Re: Publishing Nimda Logs

I've also pretty much given up on trying to clue folks to nimda issues they still have, same with code red variants which are still plentiful. I've started to blackhole whole IP blocks due to this problem. Some companies, even when notified of their systems' compromise and their being used to further attack other systems, don't even take the time to either investigate, nor repair such systems.

We've taken to having to block the whole netspace for many sites, such as the City of Ashland in Oregon, (NETBLK-SPRINT-D00150-2) SPRINT-D00150-2 208.1.80.0 - 208.1.83.255, whose systems are so infested with code-red and nimda variants and who fail as well as Sprint, their upstream provider, in taking any action about their systems' attacks on others on the Internet infamous highway. We tried to actually call and talk to their techs and were rudely hung up on, this after over 6 months of notifications to them and their upstream ISP Sprint.

Although Jose Nazario does mention these systems can be 0w3d after a publication of IPs of infected systems, I'm at this point not caring if they get taken. They are a pain and further spreading their problem as it is. I suspect many of these systems are at least partially 0w3d and used as DDOS mechanisms already.

The hall of shame list should include the ISPs in question too; the upstreams have been notified as well as the direct offender, most many times over many months. Nothing else has worked...

Thanks,
Ron DuFresne