NSP-SEC
George Imburgia
nanog at armorfirewall.com
Sat Mar 20 21:47:42 UTC 2010
On Sat, 20 Mar 2010, Hank Nussbacher wrote:
> How exactly would being transparent for the following help Internet security:
>
> "I am seeing a new malware infection vector via port 91714 coming from the IP
> range of 32.0.0.0/8 that installs a rootkit after visiting the web page
> http://www.trythisoutnow.com/. In addition, it has credit card and pswd
> stealing capabilities and sends the details to a maildrop at
> trythisoutnow at gmail.com"
>
> The only upside of being transparent is alerting the miscreant to change the
> vector and maildrop.
I disagree. *All* of that information would be useful for configuring
filters at my border.
Cheers,
George
AD7RL
More information about the NANOG
mailing list