Sobig.f surprise attack today

• Previous message (by thread): Sobig.f surprise attack today
• Next message (by thread): Sobig.f surprise attack today
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 12:54 PM 28/08/2003 -0700, Dan Hollis wrote:
> > Alternatively, perhaps we could, instead, publish an INFECTED SYSTEMS
> > blacklist
> > based on such connections to a honeypot.  Any system which made the correct
> > request could then have it's address published via BGP or DNS for ISPs and
> > the like to do as they wish.
>
>an infected host dnsrbl doesnt sound like a bad idea...

I dont think this would work too well.  The users who are infected often 
think something is wrong because their connection and computer are not 
working quite right. So they disconnect / reconnect / reboot so they burn 
through quite a few dynamic IP addresses along the way.

         ---Mike 

• Previous message (by thread): Sobig.f surprise attack today
• Next message (by thread): Sobig.f surprise attack today
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]