Vulnerability Development mailing list archives
Re: Publishing Nimda Logs
From: Pavel Lozhkin <pavel () atrivo com>
Date: Wed, 08 May 2002 17:20:24 +0400
At the very least, they do have your billing address ;-). I send about 1000+ notifications a day from DShield. Sure, most of them trigger autoreplies. But I find that some ISPs do appear to take some action (scans stop... maybe they just change the IP of the scanner). I usually get better responses from smaller ISPs and Universities. Non-auto responses from large ISPs are an exception.
I believe there is only one way to stop Nimda and other similar viruses - to stop them on all firewalls (Cisco can do that, for example) in transit. And write an autocomplainer (as I did and do) which will notify ISPs about the activity. This can be useful for them.

--
Pavel
Chief Information Security Officer