Security Incidents mailing list archives
Re: Publishing Nimda Logs
From: E <j46 () btinternet com>
Date: Wed, 08 May 2002 11:50:01 +0000
I have struggled with this problem for months. My ISP has a large number of broadband users, and these people are still infected with nimda.I tried for weeks to get them to do something about it. I even started offering them technical suggestions on ways to prevent it. The end result was absolutely nothing. They obviously do not give a damn about it, and this goes for many other ISP's and organisations. The people who are infected with nimda are being criminally negligent. They are allowing their machines to reinfect others. (Personally I also think Microsoft is criminally negligent for releasing the bogus webserver and OS in the first place). The last resort that I can think of is mailing your nimda logs to the ISP, and yes, I mean every single SYN that comes in should go to them in a seperate email. Then perhaps their tech / security people will start to realise what a complete annoyance this worm is. Publishing the IP's will achieve nothing. Each infected person needs to be notified that he/she is infected. Many are just broadband users in dynamic ip pools, who probably are not aware of the problem anyway. The bets are most network admins dont care about it, perhaps dont even know their users are infected. Serious lessons should be learned here. This is the kind of thing that happens when you dress up an OS designed for secretaries as a webserver / multiuser OS, and put it in the hands of millions of ignorant users. I am shocked that MS is not being held accountable for this (and the multide of other worms in the past couple of years). When are people going to realise that a corporation who puts its OS into the homes of millions of people, bears some responsiblity for the damage, cost, annoyance and above all wasted time caused by poor standards. Deus, Attonbitus" wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is truly sad that so many people are still infected with Nimda. There is a company with my corporate ISP that I have notified 3 times now that they are attacking other systems. It seems they can't figure out how not to install Win2k/IIS5.0 while connected to the net. The sad thing is that this is a computer company. I have seen a site where people have published the IP of the offending boxes for stuff like Nimda and CR. I am thinking about doing the same thing so that people can either use that information to block the IP's or to do whatever they want for that matter. I'm curious to see how other feel about this. Is it: 1) Recommended. Go for it and publish the IP's and let the "Gods of IP" sort out the damage. 2) A Bad Thing. These are innocent victims, and you will just have them be attacked by evil people. 3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with it and ignore the logs. If "1," then I was thinking of going with a "Hall of Shame" and providing ARIN look ups, contacts, and the whole bit. I could even allow other people to post logs there and stuff like that... Input appreciated. AD -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPNgHPIhsmyD15h5gEQLsWACZASlsx6Wew0YfTHAzIHxotQYAdkAAoIoV VSob5Hcw7X9DDzDxNUzXftdm =Xv5m -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Publishing Nimda Logs Deus, Attonbitus (May 07)
- Re: Publishing Nimda Logs Hugo van der Kooij (May 08)
- Re: Publishing Nimda Logs Glenn Forbes Fleming Larratt (May 08)
- Re: Publishing Nimda Logs Rainer Duffner (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- RE: Publishing Nimda Logs Steve Zenone (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs E (May 08)
- RE: Publishing Nimda Logs Benjamin Tomhave (May 08)
- Re: Publishing Nimda Logs John Kristoff (May 08)
- Re: Publishing Nimda Logs jlewis (May 08)
- <Possible follow-ups>
- Re: Publishing Nimda Logs Thomas Frerichs (May 08)
- Re: Publishing Nimda Logs Justin Shore (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs Richard . Smith (May 08)
- Re: Publishing Nimda Logs Jay D. Dyson (May 09)