Security Incidents mailing list archives
Re: Publishing Nimda Logs
From: <jlewis () lewis org>
Date: Wed, 8 May 2002 01:56:58 -0400 (EDT)
On Tue, 7 May 2002, Deus, Attonbitus wrote:
I'm curious to see how other feel about this. Is it: 1) Recommended. Go for it and publish the IP's and let the "Gods of IP" sort out the damage. 2) A Bad Thing. These are innocent victims, and you will just have them be attacked by evil people. 3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with it and ignore the logs.
1 and 3. Some people (those not running MS Crap) probably won't care, but if it's something you want to do, why should that stop you. On some of my personal systems, I've actually setup code to watch apache for Nimda/CR sorts of requests, and firewall them for 24h in addition to emailing me the IP, mostly to keep them from filling my access_logs with their crap. I've also implemented this on a big web hosting server because Nimda/CR probes were actually causing performance issues on the server. This has doubled as an early warning system notifying me that a Windows running coworker has been infected before they know it. If you maintain a list that's easily fetchable, it wouldn't surprise me at all if some people choose to grab it at regular intervals and use it to block access to their web servers. -- ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Publishing Nimda Logs Deus, Attonbitus (May 07)
- Re: Publishing Nimda Logs Hugo van der Kooij (May 08)
- Re: Publishing Nimda Logs Glenn Forbes Fleming Larratt (May 08)
- Re: Publishing Nimda Logs Rainer Duffner (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- RE: Publishing Nimda Logs Steve Zenone (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs E (May 08)
- RE: Publishing Nimda Logs Benjamin Tomhave (May 08)
- Re: Publishing Nimda Logs John Kristoff (May 08)
- Re: Publishing Nimda Logs jlewis (May 08)
- <Possible follow-ups>
- Re: Publishing Nimda Logs Thomas Frerichs (May 08)
- Re: Publishing Nimda Logs Justin Shore (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs Richard . Smith (May 08)
- Re: Publishing Nimda Logs Jay D. Dyson (May 09)