|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: leon (leon.inyc
verizon.net)Date: Wed May 08 2002 - 21:41:34 CDT
I am just curious as to why ANYONE thinks ANY ISP is going to cut off
their life blood (their customers) just to appease someone who is not
even being hacked (just probed).
Just curious because I have a friend who is VP of an ISP and he said any
isp who did that would be crazy. The person would get annoyed and take
his business elsewhere. Not to mention that most people are not
accounting for dynamic ips. Finally, I would have to say that I don't
think the isp have the resources or the desire to track down every
single person infected with code red or nimda.
My 2 cents (on the current market worth about .05)
Cheers,
Leon
-----Original Message-----
From: lorenzo [mailto:lorenzodigitalmind.it]
Sent: Wednesday, May 08, 2002 2:01 PM
To: vuln-devsecurityfocus.com
Subject: about disclosure of nimda logs
I agree with the fact that on those mailing lists there is a full
disclosure of vulnerabilities; but let us not forget that there is
usually a period of time left to the vendors to fix them.
So, why not allow a period of time after which the logs will be made
public?
The question is: can the owner of the machine be contacted?
If yes, then allow him 2 weeks.
If not, let's say 3 weeks.
I'm saying '3 weeks' because sometimes people don't want to leave
contact information, or their contact e-mail are too spammed - so it's
not necessarily their fault if they cannot be contacted.
But after 3 weeks I assume that every script kiddie in the world will
have the machine's address, so publishing it won't affect too much the
bandwidth.
Opinions?
--lorenzo lorenzo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]