[Dshield] What should I do next

Ed Truitt ed.truitt at etee2k.net
Fri May 10 13:18:13 GMT 2002

I have had similar problems alerting network admins to the presence of
Nimda-infected hosts.  Two domains, oz.net and hqglobal.net, have caused me
the most problems.  I have found that, in some cases, it helps to do a
traceroute to the infected host, then notify the network admin for the
domain AND cc their upstream.

BTW, what you are seeing isn't that wierd.  Probably a DSL or other
broadband connection w/ a static IP (like me).  Not too surprising, as it
makes little sense to run a web server (remember, Nimda infects machines
running IIS) on a dynamic IP, unless you are also using Dynamic DNS (and
then, IMHO, it still doesn't make sense.)

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "Jim Gifford" <maillist at jg555.com>
To: <list at dshield.org>
Sent: Friday, May 10, 2002 7:38 AM
Subject: Re: [Dshield] What should I do next

> I have sent him this information four times without a response. I just
> he is not interested. The wierd part is that it has happened almost
> at different times using the same IP's everytime.

More information about the list mailing list