OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Andy Wood (network.designcox.net)
Date: Wed May 08 2002 - 06:53:26 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

            It's not surprising either that almost 50% of those listed have
    NetBIOS (TCP 139) open.

    -----Original Message-----
    From: Eli K. Breen [mailto:eligopostal.ca]
    Sent: Tuesday, May 07, 2002 4:48 PM
    To: Deus, Attonbitus
    Cc: vuln-devsecurityfocus.com
    Subject: RE: Publishing Nimda Logs

    I've been tracking nimda attacks and IPs with a tiny PERL script.
    Results are at http://www.sectornotfound.com/files/NIMDA.stats (since
    Sept. 18th
    2001)

    -Eli

    -----Original Message-----
    From: Deus, Attonbitus [mailto:ThorHammerofGod.com]
    Sent: Tuesday, May 07, 2002 9:55 AM
    To: vuln-devsecurityfocus.com
    Subject: Publishing Nimda Logs

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

      It is truly sad that so many people are still infected with Nimda.
    There
      is a company with my corporate ISP that I have notified 3 times now
    that
      they are attacking other systems. It seems they can't figure out how
    not
      to install Win2k/IIS5.0 while connected to the net. The sad thing is
    that
      this is a computer company.

      I have seen a site where people have published the IP of the offending
      boxes for stuff like Nimda and CR. I am thinking about doing the same
      thing so that people can either use that information to block the IP's
    or
      to do whatever they want for that matter.

      I'm curious to see how other feel about this. Is it:

      1) Recommended. Go for it and publish the IP's and let the "Gods of
    IP"
      sort out the damage.
      2) A Bad Thing. These are innocent victims, and you will just have
    them be
      attacked by evil people.
      3) Boring. Who cares? It's Nimda, and an everyday part of life. Deal
    with
      it and ignore the logs.

      If "1," then I was thinking of going with a "Hall of Shame" and
    providing
      ARIN look ups, contacts, and the whole bit. I could even allow other
      people to post logs there and stuff like that...

      Input appreciated.

      AD

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.1

    iQA/AwUBPNgG94hsmyD15h5gEQI+igCg3plbeP+TLJcr71MfzkvHI+/t/dsAn2ve
    83gug5UTKCYW+x4ZwNDPSTEE
    =P0lX
    -----END PGP SIGNATURE----- 

    ---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002
 

    ---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002