nanog mailing list archives
Re: NSP-SEC
From: George Imburgia <nanog () armorfirewall com>
Date: Sat, 20 Mar 2010 16:47:42 -0500 (EST)
On Sat, 20 Mar 2010, Hank Nussbacher wrote:
How exactly would being transparent for the following help Internet security:"I am seeing a new malware infection vector via port 91714 coming from the IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page http://www.trythisoutnow.com/. In addition, it has credit card and pswd stealing capabilities and sends the details to a maildrop at trythisoutnow () gmail com"The only upside of being transparent is alerting the miscreant to change the vector and maildrop.
I disagree. *All* of that information would be useful for configuring filters at my border.
Cheers, George AD7RL
Current thread:
- Re: NSP-SEC, (continued)
- Re: NSP-SEC Guillaume FORTAINE (Mar 23)
- Re: NSP-SEC Valdis . Kletnieks (Mar 23)
- Re: NSP-SEC Nick Hilliard (Mar 23)
- Re: NSP-SEC Guillaume FORTAINE (Mar 20)
- Re: NSP-SEC Sean Donelan (Mar 20)
- Re: NSP-SEC Gadi Evron (Mar 20)
- Re: NSP-SEC William Pitcock (Mar 20)
- Re: NSP-SEC Guillaume FORTAINE (Mar 21)
- Re: NSP-SEC Andrew D Kirch (Mar 21)
- Re: NSP-SEC Sean Donelan (Mar 20)
- Re: NSP-SEC George Imburgia (Mar 20)
- Re: NSP-SEC James Bensley (Mar 21)
- Re: NSP-SEC Rich Kulawiec (Mar 21)
- RE: NSP-SEC Alex Lanstein (Mar 21)
- Re: NSP-SEC Patrick W. Gilmore (Mar 21)
- Re: NSP-SEC Lorand Jakab (Mar 22)
- RE: NSP-SEC Adam Stasiniewicz (Mar 19)