Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Publishing Nimda Logs

From: Jose Nazario <jose () monkey org>
Date: Wed, 8 May 2002 13:56:00 -0400 (EDT)
On Wed, 8 May 2002 brossini () csc com au wrote:


It would, however, be pretty niave of us to think that attackers
couldn't find lists of infected machines by other means.


so the issue isn't "attackers can't get this info by other means". it's
that the quanitity of information would be greatly enhanced by this kind
of action, publishing logs.

i have lists from networks i sit on, including my cable modem's network.
moderatly saavy attacks do, too. there is no reason, though, why someone
should help them get an order of magnitude more hosts.

that's the issue, that in publishing these logs you are explicitely
helping any attackers gather this info.

___________________________
jose nazario, ph.d.                     jose () monkey org
                                        http://www.monkey.org/~jose/
Previous By Date Next
Previous By Thread Next

Current thread: