[Dshield] What should I do next
ed.truitt at etee2k.net
Fri May 10 13:18:13 GMT 2002
I have had similar problems alerting network admins to the presence of
Nimda-infected hosts. Two domains, oz.net and hqglobal.net, have caused me
the most problems. I have found that, in some cases, it helps to do a
traceroute to the infected host, then notify the network admin for the
domain AND cc their upstream.
BTW, what you are seeing isn't that weird. Probably a DSL or other
broadband connection w/ a static IP (like me). Not too surprising, as it
makes little sense to run a web server (remember, Nimda infects machines
running IIS) on a dynamic IP, unless you are also using Dynamic DNS (and
then, IMHO, it still doesn't make sense.)
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
----- Original Message -----
From: "Jim Gifford" <maillist at jg555.com>
To: <list at dshield.org>
Sent: Friday, May 10, 2002 7:38 AM
Subject: Re: [Dshield] What should I do next
> I have sent him this information four times without a response. I just
> he is not interested. The weird part is that it has happened almost
> at different times using the same IPs every time.