[124041] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: NSP-SEC

daemon@ATHENA.MIT.EDU (George Imburgia)
Sat Mar 20 17:19:04 2010

Date: Sat, 20 Mar 2010 16:47:42 -0500 (EST)
From: George Imburgia <nanog@armorfirewall.com>
To: nanog@nanog.org
In-Reply-To: <alpine.LRH.2.00.1003202017580.16614@efes.iucc.ac.il>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



On Sat, 20 Mar 2010, Hank Nussbacher wrote:

> How exactly would being transparent for the following help Internet security:
>
> "I am seeing a new malware infection vector via port 91714 coming from the IP 
> range of 32.0.0.0/8 that installs a rootkit after visiting the web page
> http://www.trythisoutnow.com/.  In addition, it has credit card and pswd 
> stealing capabilities and sends the details to a maildrop at 
> trythisoutnow@gmail.com"
>
> The only upside of being transparent is alerting the miscreant to change the 
> vector and maildrop.


I disagree. *All* of that information would be useful for configuring 
filters at my border.


Cheers,
George
AD7RL


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[124041] in North American Network Operators' Group

Re: NSP-SEC

daemon@ATHENA.MIT.EDU (George Imburgia)Sat Mar 20 17:19:04 2010

daemon@ATHENA.MIT.EDU (George Imburgia)
Sat Mar 20 17:19:04 2010