Home page logo

nanog logo nanog mailing list archives

Re: BlackWorm infected IP's reporting
From: Martin Hannigan <hannigan () world std com>
Date: Wed, 25 Jan 2006 13:04:34 -0500 (EST)


On Mi, 2006-01-25 at 03:20 -0500, Martin Hannigan wrote:


In the next day or so some of us will cooperate to bring to the 
attention of all effected AS's information about infected users in their 

That would be "affected". 

This will be coordinated with several groups and organizations. Please 
expect these emails, thanks.

In other words, NANOG is a step child of these and we'll only see
the PR? If you're going to keep the mitigations off of NANOG, it's
probably safe to keep it all off. We all read newspapers, blogs, and

sorry, but i couldn't understand your problem. I think it's just a
usefull information, wich AS is infected by a critical worm. Also i
relay this information to people, who think this informations are
usefull, too.

Ok, perhaps there are people to advertise themselves, but why not? When
they invest time in this work, why aren't they allowed to get some kind
of approval?

Nah, we already know who those people are. It's more like if you keep
predicting a blizzard and I wake up and there was a misting of rain, 
I keep getting less and less interested in the predictions. It costs
real money to get these dances going and unless you're going to give
us all the information, please don't bother. The snort SIDS were 
nice, but as far as I am concerned, IL-CERT is not a trusted 

The third story about this horrrible worm:


If I don't see SANS running around with their capes off, I don't
really pay too much attention. The last one wasn't a big hit like
they thought, but they do good work. I "trust" them more than 
I trust IL-CERT telling North Americans to drop our hotdogs, turn
off our football, and get ready for "worms". I'd hope to see US-CERT
continue making progress and telling North Americans when to worry.

The work everyone is doing is fantastic, but it's pretty clear
trust is being ignored and while we're ont he subject proper delivery
of files with checksums etc. It ain't happening anymore.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]