Vulnerability Development mailing list archives
RE: Publishing Nimda Logs
From: "Silcock, Stephen" <stephen_silcock () cleanaway com au>
Date: Wed, 8 May 2002 12:35:14 +1000
I think many people are underestimating the potential for damage these machines hold... Eli. K. Breen. put his (small, personal) list of infected hosts on a web page and posted the address to the list. I now have as a result a list of about 2000 infected, and therefore trivially exploitable hosts. While some may be dynamic IP's and some may not be as trivially exploitable as it seems; 2000 is a good ballpark figure. I could; if I had the time and the inclination knock up a DDoS network within the space of a day or two using that information - 2000 hosts is no small number. Add to that any other Nimda lists I can lay my hands on, not to mention the even-more-trivially exploitable CodeRed backdoored machines and you have a ready made DDoS network just waiting for someone to use it. The machines need to be cleaned and set up securely. If the people running them can't do it they have no business having an internet connection; they're a liabiltiy to the rest of the internet community... Unfortunately there are only two ways I can see this happening; ISP's being made accountable for allowing these hosts to remain connected, or compromising the machines and patching/shutting them down in an automated fashion, which is illegal pretty much everywhere I would assume and probably not very effective as the machines would probably just be rebuilt or restored insecurely as before. So (resisting the urge to rant about Microsoft's buggy mass marketed bloatware) it comes down to ISP's having to disconnect their own customers... My $0.02 S. :) PLEASE NOTE: This email transmission is confidential and intended solely for the addressee. If you are not the intended addressee, you must not use, disclose or print this transmission and you should delete it from your system.
Current thread:
- Re: Publishing Nimda Logs, (continued)
- Re: Publishing Nimda Logs Ron DuFresne (May 07)
- Re: Publishing Nimda Logs hellNbak (May 07)
- Re: Publishing Nimda Logs Jonathan Bloomquist (May 07)
- Re: Publishing Nimda Logs Lincoln Yeoh (May 08)
- RE: Publishing Nimda Logs Eli K. Breen (May 07)
- RE: Publishing Nimda Logs Andy Wood (May 08)
- Re: Publishing Nimda Logs Nick Lange (May 08)
- RE: Publishing Nimda Logs Andy Wood (May 08)
- Re: Publishing Nimda Logs warchild (May 07)
- Re: Publishing Nimda Logs Boyd Lynn Gerber (May 08)
- Re: Publishing Nimda Logs mlafon (May 07)
- RE: Publishing Nimda Logs Silcock, Stephen (May 07)
- RE: Publishing Nimda Logs brossini (May 08)
- RE: Publishing Nimda Logs Andy Wood (May 08)
- RE: Publishing Nimda Logs Jose Nazario (May 08)
- Re: Publishing Nimda Logs Clinton Smith (May 08)
- RE: Publishing Nimda Logs Alexander Sarras (ABG) (May 08)
- RE: Publishing Nimda Logs Ron DuFresne (May 08)
- Re: Publishing Nimda Logs zeno (May 08)
- Re: Publishing Nimda Logs Raistlin (May 08)
- Fw: Publishing Nimda Logs Knud Erik Højgaard (May 08)
- RE: Publishing Nimda Logs Healy, S. S., CTM2 (May 08)
(Thread continues...)