On Sep 25, 2016, at 6:35 PM, Brett Glass <na...@brettglass.com> wrote: > At 03:50 PM 9/25/2016, Patrick W. Gilmore wrote:
>> What Brett is asking seems reasonable, even useful. Unfortunately, it is not >> as simple as posting a list of addresses on a website. >> >> Many devices are compromised because of default user/pass settings. >> Publishing a list of IP addresses which are so trivially compromised is >> handing the miscreants a gift. > > I think you may have misunderstood my request. I am not asking for the IP > addresses of the bots, but the address or addresses which they are attacking. > I can then scan outgoing packets for those destination addresses, and -- if I > see them -- work my way back to the customers who are unknowingly harboring > infected devices. Those devices could be PCs, Webcams, DVRs, even > thermostats.... The customers may not know that they have changeable > passwords or backdoors. > > By doing this, we can not only enhance our users' security but forestall > complaints. We have had more than one customer quit because an infected > device on his or her network impacted the quality of video streaming or > VoIP... and, of course, he blamed the ISP. Everyone ALWAYS blames the ISP. ;-) I did read it the other way. It’s his website, which you can read about on … his website, http://krebsonsecurity.com/. (And for everyone on this list, it should be trivial to figure out who helped him get the website back up.) Or his twitter feed. Or lots of articles about it. Or lots of mailing lists. Or … etc. -- TTFN, patrick
