[40438] in North American Network Operators' Group
RE: Code Red 2 cleanup; reporting..
daemon@ATHENA.MIT.EDU (z@s0be.net)
Thu Aug 9 02:40:01 2001
Date: Wed, 8 Aug 2001 23:36:46 -0700 (PDT)
From: <z@s0be.net>
To: Mathias Körber <mathias@koerber.org>
Cc: <nanog@nanog.org>
In-Reply-To: <NFBBLGLCKLPELBNLAKEPAEBNCAAA.mathias@koerber.org>
Message-ID: <Pine.GSO.4.33.0108082326230.3262-100000@power.s0be.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: QUOTED-PRINTABLE
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 9 Aug 2001, Mathias Körber wrote:
>
> > Is there an effort abound that would allow for lists of verified 'Code
> > Red 2' infected hosts to be reported for cleanup/mitigation?
> > By known 'Code
> > Red 2' infected hosts, I mean that root.exe has been found to exist on the
> > host.
> >
> > Finding the contact information for a lot of these is proving difficult
> > being that a fair amount of the infected machines are Joe Blow broadband
> > customers.
>
> Publishing such lists is IMHO not a good idea, as these hosts are vulnerable and
> publishing their addresses would only serve to let more crackers know where to
> go..
<--( SNIP )-->
Helu,

Yes, I think that your observation is obvious.. publishing lists of
infected hosts is a bad idea. My question was asking if there was an
unofficial mitigation process to notify the end-user and/or the providers
involved for clean-up efforts.

I don't want lists of infected hosts nor do I want to publish lists
of infected hosts. Being that it is difficult to contact the end-user of
a lot of the infected hosts, is there a discreet process in place for
notifying the provider.. etc etc.

If nothing is in place, great, I'll just throw e-mails to the
end-users I can find and/or their respective NSP. If something is
in place.. either unofficial or special contacts at the NSPs, great, I'll
go that route.
.z