scripts to map IP to AS?

• Previous message (by thread): scripts to map IP to AS?
• Next message (by thread): M$SQL cleanup incentives
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> >Then you'd better reach over to all of your upstream routers and just pull
> >the plug, since you are likely to see Sapphire packets from here on in, on a
> >regular basis.
> 
> Better is to do the whois lookup and send pre-formatted e-mail about the 
> infected server as people did after Code-Red.

We are doing that with the reports we get for DShield. However, in particular
with consumer ISPs, there does not seem to be too much effort to notify
infected customers.

On the other hand, how hard is it for an ISP to monitor port 1434 and call
up a customer whenever there is a 'flareup'? I think this would be the easiest
way to get rid of this problem. I see that port 80 / code red is harder as
it essentially requires content inspection. But Sapphire should be rather 
easy to detect by watching outbound traffic.

• Previous message (by thread): scripts to map IP to AS?
• Next message (by thread): M$SQL cleanup incentives
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]