North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Code Red 2 cleanup; reporting..
On Thu, 9 Aug 2001, Mathias Körber wrote: > > > Is there an effort abound that would allow for lists of verified 'Code > > Red 2' infected hosts to be reported for cleanup/mitigation? > > By known 'Code > > Red 2' infected hosts, I mean that root.exe has been found to exist on the > > host. > > > > Finding the contact information for a lot of these is proving difficult > > being that a fair amount of the infected machines are Joe Blow broadband > > customers. > > Publishing such lists is IMHO not a good idea, as these hosts are vulnerable and > publishing their addresses would only serve to let more crackers know where to > go.. <--( SNIP )--> Helu, Yes, I think that your observation is obvious.. publishing lists of infected hosts is a bad idea. My question was asking if there was an unofficial mitigation process to notify the end-use and/or the providers involved for clean-up efforts. I don't want lists of infected hosts nor do I want to publish lists of infected hosts. Being that it is difficult to contact the end-user of a lot of the infected hosts, is there a discrete process in place for notifying the provider.. etc etc. If nothing is in place, great, I'll just throw e-mails to the end-users I can find and/or their respective NSP. If something is in place.. either unofficial or special contacts at the NSPs, great, I'll go that route. .z
|