Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: ipfw sponix (sponix2ipfwhotmail.com)
Date: Fri Feb 22 2002 - 21:04:52 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I'd have to follow John Sage <jsagefinchhaven.com> a bit on that one

    Well, I'm just a bit tired of these idiots draining my bandwidth. I mean,
    its cut down to 3-20 attempts a day now, but when Nimda first came out we
    had a year old log file grow to three forths nimda logging in less than 4

    If I thought there was a snow balls chance ---- I'd start sending out bills
    to these people for monthly waisted bandwidth due to their ignorance...

    Moral of the story is, if these people can't learn to operate there
    computers a bit they should box them up and donate them to one of my
    projects or something.

    for the record, the posting of IP's and so forth is a bit overboard imho --
    attempting to contact the person, or their ISP is best :)

    well, take care

    >From: dr.kaos <dr.kaoskaos.to>
    >To: John Sage <jsagefinchhaven.com>, snort-userslists.sourceforge.net
    >Subject: Re: [Snort-users] A case of beer on
    >Date: Fri, 22 Feb 2002 19:26:08 -0500
    >On Friday 22 February 2002 07:04 pm, John Sage wrote:
    > > I used to feel the same, back in November, maybe, but it's late
    > > February 2002 and the incessant rain of Code Red/Nimda probes
    > > continues unrelenting.
    > >
    > > My personal opinion about all the infected boxes that are clearly
    > > utterly unmaintained by anyone is: "Screw 'em"
    > >
    > > I mean, these clowns are not paying a bit of attention to what they're
    > > doing, and they're ignorant to the fact that their boxes are still
    > > attempting to infect other clueless idiots^H^H^H^H^H^H people's boxes.
    > >
    > > Off with their heads!
    >Fair enough. And for the most part, I agree with you and jeff both...
    >however, since I do this for a living, I have to stand behind what I
    >Surprisingly, there are still a large number of well-known commercial
    >organizations like [name-removed] with security admins as clueless as our
    >unsuspecting home IIS user. Problem is, if we post their names and IP's to
    >the masses, we are in fact contributing to the possibility that their boxes
    >will generate _more_ noise in our logs because of the increased probability
    >that these infected hosts will be found.
    >For instance, in Jeff's earlier post, he mentioned an open relay on port 25
    >of the host he scanned. Anyone want to bet that someone saw that in the
    >and uses the IP specified as a spam relay? I'm betting there's a pretty
    >chance. And that just means more spam for you and me to killfile.
    >I agree, off with their heads! But... I think the best way to decapitate
    >is to let their ISP's know about the problem so the ISP's can take them
    >offline till the problem is resolved. Then no more codered, no more nimda,
    >and no more spam, at least from _one_ IP...
    >Snort-users mailing list
    >Go to this URL to change user options or unsubscribe:
    >Snort-users list archive:

    Chat with friends online, try MSN Messenger: http://messenger.msn.com

    Snort-users mailing list
    Go to this URL to change user options or unsubscribe:
    Snort-users list archive: