[Dshield] Dalnet being uses as a C&C server

Dalvenjah FoxFire dalvenjah at DAL.NET
Wed Jun 20 19:56:31 GMT 2007

>>>>> "tomb" == Tomas L. Byrnes <tomb at byrneit.net> writes:

    tomb> No-one was advocating blocking them, unless the handlers
    tomb> determined that they were non-responsive. What I was
    tomb> advocating was that this be handled through the proper
    tomb> channel, by trained incident handlers.

    tomb> I don't think ANYONE said "let's continue to pursue blocking
    tomb> DALnet".

    tomb> Escalating something to the handlers is very different than
    tomb> blocking someone. It's getting the information to the right
    tomb> people, and letting them do what they do best.

Aha -- I see what happened. I misinterpreted 'escalating to the handlers'
as 'start the process to block DALnet'. I apologize for that -- I should
have done more research to determine how incidents like this are normally
handled and what the terminology means.

Thank you for the clarification; I'll go back to lurking now, and hope
that we can continue to help out in pursuing incidents like this.



More information about the list mailing list