[Dshield] Re: fighting back against CodeRed
Johannes B. Ullrich
jullrich at euclidian.com
Thu Aug 9 01:20:13 GMT 2001
> Isn't this the type of thing that the NIC records are intended to be for?
Yes. But believe me, many of them are wrong. Or the e-mail addresses they
reference are invalid. I use the NIC (ARIN/APNIC/RIPE...) records for
fight back. About 20% of them bounce. Over time, I managed to correct a
lot of them. But still, for a quick and massive campain like what we need
for Code Red, this process is very tedious.
My suggestion: The various NIC's should verify technical contact email
addresses once a month and yank IP addresses from people that don't
maintain them. After all, if they don't do this, they probably don't
maintain there systems either and pose a danger for the rest of the net.
But I am probably just in my militant mode today...
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
More information about the list