[Dshield] Re: fighting back against CodeRed

Johannes B. Ullrich jullrich at euclidian.com
Thu Aug 9 01:20:13 GMT 2001

> Isn't this the type of thing that the NIC records are intended to be for?

Yes. But believe me, many of them are wrong. Or the e-mail addresses they
reference are invalid. I use the NIC (ARIN/APNIC/RIPE...) records for
fight back. About 20% of them bounce. Over time, I managed to correct a
lot of them. But still, for a quick and massive campaign like what we need
for Code Red, this process is very tedious.

My suggestion: The various NICs should verify technical contact email
addresses once a month and yank IP addresses from people that don't
maintain them. After all, if they don't do this, they probably don't
maintain their systems either and pose a danger for the rest of the net.

But I am probably just in my militant mode today...

jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System
