NSP-SEC
- Subject: NSP-SEC
- From: nanog at armorfirewall.com (George Imburgia)
- Date: Sat, 20 Mar 2010 16:47:42 -0500 (EST)
- In-reply-to: <[email protected]>
- References: <[email protected]> <20100319083143.553b0111@t61p> <1269006269.1220.135.camel@petrie> <[email protected]>
On Sat, 20 Mar 2010, Hank Nussbacher wrote:
> How exactly would being transparent for the following help Internet security:
>
> "I am seeing a new malware infection vector via port 91714 coming from the IP
> range of 32.0.0.0/8 that installs a rootkit after visiting the web page
> http://www.trythisoutnow.com/. In addition, it has credit card and pswd
> stealing capabilities and sends the details to a maildrop at
> trythisoutnow at gmail.com"
>
> The only upside of being transparent is alerting the miscreant to change the
> vector and maildrop.

I disagree. *All* of that information would be useful for configuring
filters at my border.

Cheers,
George
AD7RL