Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Sobig.f surprise attack today

  • From: Mike Tancsa
  • Date: Thu Aug 28 16:12:32 2003

At 12:54 PM 28/08/2003 -0700, Dan Hollis wrote:
> Alternatively, perhaps we could, instead, publish an INFECTED SYSTEMS
> blacklist
> based on such connections to a honeypot.  Any system which made the correct
> request could then have it's address published via BGP or DNS for ISPs and
> the like to do as they wish.

an infected host dnsrbl doesnt sound like a bad idea...
I dont think this would work too well. The users who are infected often think something is wrong because their connection and computer are not working quite right. So they disconnect / reconnect / reboot so they burn through quite a few dynamic IP addresses along the way.

---Mike




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.