Security Incidents mailing list archives
Re: Publishing Nimda Logs
From: Justin Shore <macdaddy () neo pittstate edu>
Date: Wed, 8 May 2002 13:31:23 -0500
On 5/8/02 10:47 AM Mally Mclane said...
I'm curious to see how other feel about this. Is it: 1) Recommended. Go for it and publish the IP's and let the "Gods of IP" sort out the damage. 2) A Bad Thing. These are innocent victims, and you will just have them be attacked by evil people. 3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal with it and ignore the logs.If you have Apache et.al. No3 is the best option. ;-) Everything else, like building lists of vulnerable IPs can either be considered a "hobby" or will help script-kiddies and IRC-weenies build an army of zombies in the medium term. ARIN (+RIPE + APNIC + ...) information isn't very reliable anyway. There have been several threads about this. And if you've complained to SPAM before, you may already know this.hrm, I have to disagree here. 9 times out of 10, if you want contact information, the RIPEdb will supply *correct* contact information. And ops () ripe net will *always* try to help you out if you don't get correct contact information.
I've had pretty good luck with RIPE's data (although I do find it harder to read and navigate than ARIN's. I've had world's better luck with RIPE that APNIC. I don't think I've ever gotten useful information out of APNIC. In the course of reporting spam, I use whois a lot. I never seem to get anything out of APNIC that I can use (little things, like an abuse contact---bah, who would ever need that!). Justin -- Justin Shore, ES-SS ES-SSR Pittsburg State University Network & Systems Manager Kelce 157Q Office of Information Systems Pittsburg, KS 66762 Voice: (620) 235-4606 Fax: (620) 235-4545 http://www.pittstate.edu/ois/ Warning: This message has been quadruple Rot13'ed for your protection. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Publishing Nimda Logs, (continued)
- Re: Publishing Nimda Logs Hugo van der Kooij (May 08)
- Re: Publishing Nimda Logs Glenn Forbes Fleming Larratt (May 08)
- Re: Publishing Nimda Logs Rainer Duffner (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- RE: Publishing Nimda Logs Steve Zenone (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs E (May 08)
- RE: Publishing Nimda Logs Benjamin Tomhave (May 08)
- Re: Publishing Nimda Logs John Kristoff (May 08)
- Re: Publishing Nimda Logs jlewis (May 08)
- Re: Publishing Nimda Logs Thomas Frerichs (May 08)
- Re: Publishing Nimda Logs Justin Shore (May 08)
- Re: Publishing Nimda Logs Mally Mclane (May 08)
- Re: Publishing Nimda Logs Richard . Smith (May 08)
- Re: Publishing Nimda Logs Jay D. Dyson (May 09)