Security Incidents mailing list archives

Re: Publishing Nimda Logs
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Wed, 8 May 2002 08:01:41 +0200 (CEST)

On Tue, 7 May 2002, Deus, Attonbitus wrote:

  It is truly sad that so many people are still infected with Nimda. There
  is a company with my corporate ISP that I have notified 3 times now that
  they are attacking other systems. It seems they can't figure out how not
  to install Win2k/IIS5.0 while connected to the net. The sad thing is that
  this is a computer company.

Send a formal complaint to the ISP. It's their responsibility as well as 
soon as you send a formal complaint. Send a formal complaint by 
snailmail to that company. Let them sign for receipt.

Include logging and such and charge them with:
 - harassment.
 - improper usage of your computer facilities.
.....

  I have seen a site where people have published the IP of the offending
  boxes for stuff like Nimda and CR. I am thinking about doing the same
  thing so that people can either use that information to block the IP's or
  to do whatever they want for that matter.

I display all seen Nimda cases for several months now. 
(http://hvdkooij.xs4all.nl/logging.cms)

I also run earlybird so the owner of the IP block that has an offending 
machine gets one warning per day informing them of their problem.

I am under the impression that it has some impact. (Now ISP's and so will 
learn about infections within a minute after a machine in their netblock 
starts harassing me.)

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
