[Dshield] Dalnet being uses as a C&C server
dalvenjah at DAL.NET
Wed Jun 20 19:56:31 GMT 2007
>>>>> "tomb" == Tomas L. Byrnes <tomb at byrneit.net> writes:
tomb> No-one was advocating blocking them, unless the handlers
tomb> determined that they were non-responsive. What I was
tomb> advocating was that this be handled through the proper
tomb> channel, by trained incident handlers.
tomb> I don't think ANYONE said "let's continue to pursue blocking
tomb> Escalating something to the handlers is very different than
tomb> blocking someone. It's getting the information to the right
tomb> people, and letting them do what they do best.
Aha -- I see what happened. I misinterpreted 'escalating to the handlers'
as 'start the process to block DALnet'. I apologize for that -- I should
have done more research to determine how incidents like this are normally
handled and what the terminology means.
Thank you for the clarification; I'll go back to lurking now, and hope
that we can continue to help out in pursuing incidents like this.
More information about the list