nanog mailing list archives
Re: Destructive botnet originating from Japan
From: Jon Lewis <jlewis () lewis org>
Date: Sun, 25 Dec 2005 17:36:27 -0500 (EST)
On Sun, 25 Dec 2005, Rubens Kuhl Jr. wrote:
> The first rule of nsp-sec is, you do not talk about nsp-sec
> The second rule of nsp-sec is, you DO NOT talk about nsp-sec

https://puck.nether.net/mailman/listinfo/nsp-security

There's nothing secret about the existence or purpose of the list. I don't know enough about Barrett to guess as to whether or not he'd qualify.
Also, I was considering emailing Barrett privately, but since there seems to be so much misinformation going around, others will probably benefit from this. If you want to send out a list of IPs suspected of being bots or really any other class of insecure/0wn3d systems, to make it easier for those who care to find their IPs in your list, run it through the Team Cymru whois server first.
http://www.cymru.com/BGP/whois.html

Then sort the list numerically by ASN. That way, people can scroll through it, or search by ASN, and quickly determine if there's any further action worth taking.
It's also a really good idea to include timestamps, ideally exact ones in GMT per IP. In this case (unix bots) it's not as likely, but typical windows bots frequently show up on end-user systems with dynamic IPs. Telling me one of my dial pool IPs was a bot "recently" is not as useful as telling me it was a bot 2005-12-25 02:30:45 GMT.
----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
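The reporting workflow described in the message above (origin-ASN lookup, numeric sort by ASN, exact GMT timestamp per IP), as an added example that is not part of the original post. The IPs, ASNs and reply text are constructed, and the pipe-separated verbose bulk layout of the Team Cymru whois service is an assumption; the script makes no network connection.

```python
from datetime import datetime, timezone

# Constructed sightings: (IP, epoch seconds when the host was seen acting as a bot).
SIGHTINGS = [
    ("203.0.113.7", 1135477845),
    ("192.0.2.10", 1135477800),
    ("198.51.100.23", 1135481000),
    ("192.0.2.99", 1135490000),
]

# Constructed reply. Assumed verbose layout:
# AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
SAMPLE_REPLY = """\
Bulk mode; whois.cymru.com [2005-12-25 22:40:00 +0000]
64511   | 203.0.113.7      | 203.0.113.0/24      | JP | apnic    | 2001-01-01 | EXAMPLE-NET-C
64496   | 192.0.2.10       | 192.0.2.0/24        | US | arin     | 2000-01-01 | EXAMPLE-NET-A
64500   | 198.51.100.23    | 198.51.100.0/24     | US | arin     | 2000-06-01 | EXAMPLE-NET-B
64496   | 192.0.2.99       | 192.0.2.0/24        | US | arin     | 2000-01-01 | EXAMPLE-NET-A
"""

def build_query(ips):
    """Bulk query body: 'begin', 'verbose', one de-duplicated IP per line, 'end'."""
    return "\n".join(["begin", "verbose", *sorted(set(ips)), "end"]) + "\n"

def parse_reply(text):
    """Map IP -> (asn, as_name). The banner and rows without a numeric AS are skipped."""
    origin = {}
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) == 7 and cols[0].isdigit():
            origin[cols[1]] = (int(cols[0]), cols[6])
    return origin

def report(sightings, reply):
    """Report lines sorted numerically by ASN, then by IP, each with an exact GMT time."""
    origin = parse_reply(reply)
    rows = []
    for ip, epoch in sightings:
        # IPs with no usable origin row sort first under AS0 so they stay visible.
        asn, name = origin.get(ip, (0, "NO-ORIGIN-FOUND"))
        seen = datetime.fromtimestamp(epoch, tz=timezone.utc)
        stamp = seen.strftime("%Y-%m-%d %H:%M:%S GMT")
        rows.append((asn, tuple(int(o) for o in ip.split(".")), ip, stamp, name))
    return [f"AS{a:<6} | {ip:<15} | {stamp} | {name}"
            for a, _, ip, stamp, name in sorted(rows)]

if __name__ == "__main__":
    print(build_query(ip for ip, _ in SIGHTINGS), end="")
    print("\n".join(report(SIGHTINGS, SAMPLE_REPLY)))
```

Sorting on the integer ASN and the integer octets, rather than on strings, is what keeps each network's addresses in one contiguous, predictable run of the report.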