[40437] in North American Network Operators' Group
RE: Code Red 2 cleanup; reporting..
daemon@ATHENA.MIT.EDU (Mathias Körber)
Thu Aug 9 02:20:22 2001
From: "Mathias Körber" <mathias@koerber.org>
To: <z@s0be.net>, <nanog@nanog.org>
Date: Thu, 9 Aug 2001 14:19:19 +0800
Message-ID: <NFBBLGLCKLPELBNLAKEPAEBNCAAA.mathias@koerber.org>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <Pine.GSO.4.33.0108082245560.2571-100000@power.s0be.net>
Errors-To: owner-nanog-outgoing@merit.edu
> Is there an effort abound that would allow for lists of verified =
'Code
> Red 2' infected hosts to be reported for cleanup/mitigation? =20
> By known 'Code
> Red 2' infected hosts, I mean that root.exe has been found to exist on =
the
> host.
>=20
> Finding the contact information for a lot of these is proving =
difficult
> being that a fair amount of the infected machines are Joe Blow =
broadband
> customers.
Publishing such lists is IMHO not a good idea, as these hosts are =
vulnerable and
publishing their addresses would only serve to let more crackers know =
where to
go..
