CR worm infection attempts

Digital Wokan plug-discuss@lists.PLUG.phoenix.az.us
Sun, 05 Aug 2001 15:23:30 -0400


I think it's a wonderful idea.  Someone is bound to know who owns the IP
address and can warn them.  I've only been able to get through to the
admin of one compromised server for recommending they upgrade their
NT/2000 install to Linux.  The other IIS servers either got taken out or
report that there are too many people accessing it currently.

Besides, isn't it human nature to crave attention?  So what if it's the
wrong kind.

Wayne Conrad wrote:
> 
> On Sun, 05 August 2001, "J.Francois" wrote:
> > I got tired of counting and just started putting the info into my IDS page.
> > That way I can send complaints and point them to a URL so I don't have to
> > keep recreating the same data each time.
> 
> Are you putting the IP's up too?  Every one of the CRII infected boxes is rooted...  I wonder about the goodness of publishing a list of known rooted boxes.
>     Wayne
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss