[Dshield] Nimda box reporting

Russell Washington russ.washington at vaultsentry.com
Thu Aug 8 17:52:05 GMT 2002

Question for the masses... (knowing this will probably kick up a lot of
dust, ducking)

Does anyone know of a centralized... anything... for getting word to
compromised box administrators that their boxes are compromised?  I'm
specifically thinking Nimda, although it certainly isn't the only one to
think about.

It's easy enough to definitively determine whether a box scanning port 80 on
your range is Nimda-infected: hit its IP in a web browser on a machine with
decent real-time AV protection and bam, "I killed Nimda" dialog boxes start
showing up.  Presumably (hopefully) the box admin would want to fix this...
if they knew.

But getting word to that admin about a confirmed infection... tricky...

Anyway, just a thought.  Does any centralized notification thingamabob like
this exist?  Or is the upshot that folks don't pay attention when they get
these kinds of notifications anyway?

