On Thu, 13 Nov 2003, Roy wrote:
>
> Unfortunately myNetWatchman is one of the wordt services I have seen. We
> can't even get them to send the reports to our abuse address.
I've found that anything marketed starting with "my" is not something
I would ever want to call mine.
--
Jay Hennigan -
EMAIL PROTECTED]
Subject: Re: The Internet's Immune System
myNetWatchman has a work-in-progress search-by-AS
http://www.mynetwatchman.com/ListIncidentbyASSummary.asp?AS=YOUR_AS_HERE
Dan
myNetWatchman has a work-in-progress search-by-AS
http://www.mynetwatchman.com/ListIncidentbyASSummary.asp?AS=YOUR_AS_HERE
On Wed, Nov 12, 2003 at 06:56:50PM -0500, Jamie Reid wrote:
>
> It would be useful if these sites allowed you to query them with CIDR ranges to
> see if your site had ori
On Wed, 12 Nov 2003 18:56:50 EST, Jamie Reid <[EMAIL PROTECTED]> said:
> It would be useful if these sites allowed you to query them with CIDR ranges
> to see if your site had originated any traffic that triggered their sensor
> array
I've always wondered how to do this securely in an ad-hoc mann
As far as reporting is concerned, we do have a number of ways you can
query our DShield data. First of all, by prefix (right now only /8, /16,
/24). But we do send out daily custom reports per request. Just send me
an e-mail.
There is also a test version of a report by ASN:
http://www.dshield.or
eir customer.
and frankly, if that were possible, the [EMAIL PROTECTED] would not be
a blackhole with robothanks at the door. so, i'm not hopeful that the
internet's immune system is simply in need of better incident reporting.
we need a "sea change" in network-owner attitu
It would be useful if these sites allowed you to query them with CIDR ranges to
see if your site had originated any traffic that triggered their sensor arrays. The
IDS community never seems to have wrapped its collective head around routing
information. Looking up single IP addrs is just cosmet
> Devise a system that assumes owners of IP space WANT to know about problems.
> report --open-proxy 192.168.1.1 and have a report sent to whoever needed to know about it.
http://www.Incidents.org
http://www.Dshield.org/howto.php
http://www.MyNetWatchman.com
-bryan bradsby
On Wed, 12 Nov 2003, David A. Ulevitch wrote:
> Automated techniques are the only thing that will stop it but is your
> idea "fast enough?" I don't think so. Relying on user reports is good
> for compromises and spambots but it won't do anything to stop CodeRed or
> Nimda.
True -- but I did sa
Christopher X. Candreva wrote:
So in the above example, if I receive the report for 192.168.1.1 being an
open proxy, I might have my system configured, because that is a residential
DSL IP, to automaticly do a full port scan on it to look for open proxies,
and if I confirm that it is open shut the
On Sun, 2 Nov 2003, Paul Vixie wrote:
> so listen up. just because many of the infected hosts won't be disinfected,
> don't assume that there's no value in tracking and reporting them, or that
> there's no reason to spend money listening to and acting on complains
11 matches
Mail list logo
