Code Red 2 cleanup; reporting..
z at s0be.net
z at s0be.net
Thu Aug 9 06:36:46 UTC 2001
On Thu, 9 Aug 2001, Mathias Körber wrote:
>
> > Is there an effort abound that would allow for lists of verified 'Code
> > Red 2' infected hosts to be reported for cleanup/mitigation?
> > By known 'Code
> > Red 2' infected hosts, I mean that root.exe has been found to exist on the
> > host.
> >
> > Finding the contact information for a lot of these is proving difficult
> > being that a fair amount of the infected machines are Joe Blow broadband
> > customers.
>
> Publishing such lists is IMHO not a good idea, as these hosts are vulnerable and
> publishing their addresses would only serve to let more crackers know where to
> go..
<--( SNIP )-->
Helu,
Yes, I think that your observation is obvious.. publishing lists of
infected hosts is a bad idea. My question was asking if there was an
unofficial mitigation process to notify the end-use and/or the providers
involved for clean-up efforts.
I don't want lists of infected hosts nor do I want to publish lists
of infected hosts. Being that it is difficult to contact the end-user of
a lot of the infected hosts, is there a discrete process in place for
notifying the provider.. etc etc.
If nothing is in place, great, I'll just throw e-mails to the
end-users I can find and/or their respective NSP. If something is
in place.. either unofficial or special contacts at the NSPs, great, I'll
go that route.
.z
More information about the NANOG
mailing list