North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: BlackWorm infected IP's reporting
- From: Martin Hannigan
- Date: Wed Jan 25 13:11:47 2006
> On Mi, 2006-01-25 at 03:20 -0500, Martin Hannigan wrote:
> > >
> > >
> > > Hi.
> > >
> > > In the next day or so some of us will cooperate to bring to the
> > > attention of all effected AS's information about infected users in their
> > > net-space.
> > That would be "affected".
> > > This will be coordinated with several groups and organizations. Please
> > > expect these emails, thanks.
> > In other words, NANOG is a step child of these and we'll only see
> > the PR? If you're going to keep the mitigations off of NANOG, it's
> > probably safe to keep it all off. We all read newspapers, blogs, and
> > slashdot.
> sorry, but i couldn't understand your problem. I think it's just a
> usefull information, wich AS is infected by a critical worm. Also i
> relay this information to people, who think this informations are
> usefull, too.
> Ok, perhaps there are people to advertise themselves, but why not? When
> they invest time in this work, why aren't they allowed to get some kind
> of approval?
Nah, we already know who those people are. It's more like if you keep
predicting a blizzard and I wake up and there was a misting of rain,
I keep getting less and less interested in the predictions. It costs
real money to get these dances going and unless you're going to give
us all the information, please don't bother. The snort SIDS were
nice, but as far as I am concerned, IL-CERT is not a trusted
The third story about this horrrible worm:
If I don't see SANS running around with their capes off, I don't
really pay too much attention. The last one wasn't a big hit like
they thought, but they do good work. I "trust" them more than
I trust IL-CERT telling North Americans to drop our hotdogs, turn
off our football, and get ready for "worms". I'd hope to see US-CERT
continue making progress and telling North Americans when to worry.
The work everyone is doing is fantastic, but it's pretty clear
trust is being ignored and while we're ont he subject proper delivery
of files with checksums etc. It ain't happening anymore.