Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BlackWorm infected IP's reporting

  • From: Martin Hannigan
  • Date: Wed Jan 25 13:11:47 2006

> 
> Hi,
> 
> On Mi, 2006-01-25 at 03:20 -0500, Martin Hannigan wrote:
> > > 
> > > 
> > > Hi.
> > > 
> > > In the next day or so some of us will cooperate to bring to the 
> > > attention of all effected AS's information about infected users in their 
> > > net-space.
> > 
> > That would be "affected". 
> > 
> > > This will be coordinated with several groups and organizations. Please 
> > > expect these emails, thanks.
> > 
> > In other words, NANOG is a step child of these and we'll only see
> > the PR? If you're going to keep the mitigations off of NANOG, it's
> > probably safe to keep it all off. We all read newspapers, blogs, and
> > slashdot. 
> 
> sorry, but i couldn't understand your problem. I think it's just a
> usefull information, wich AS is infected by a critical worm. Also i
> relay this information to people, who think this informations are
> usefull, too.
> 
> Ok, perhaps there are people to advertise themselves, but why not? When
> they invest time in this work, why aren't they allowed to get some kind
> of approval?


Nah, we already know who those people are. It's more like if you keep
predicting a blizzard and I wake up and there was a misting of rain, 
I keep getting less and less interested in the predictions. It costs
real money to get these dances going and unless you're going to give
us all the information, please don't bother. The snort SIDS were 
nice, but as far as I am concerned, IL-CERT is not a trusted 
source. 

The third story about this horrrible worm:

http://www.commentwire.com/article_news.asp?guid=20856A5C-3952-4F2C-913A-1E963F902D41

If I don't see SANS running around with their capes off, I don't
really pay too much attention. The last one wasn't a big hit like
they thought, but they do good work. I "trust" them more than 
I trust IL-CERT telling North Americans to drop our hotdogs, turn
off our football, and get ready for "worms". I'd hope to see US-CERT
continue making progress and telling North Americans when to worry.

The work everyone is doing is fantastic, but it's pretty clear
trust is being ignored and while we're ont he subject proper delivery
of files with checksums etc. It ain't happening anymore.

-M< 





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.