20 Mar
2010
20 Mar
'10
5:47 p.m.
On Sat, 20 Mar 2010, Hank Nussbacher wrote:
How exactly would being transparent for the following help Internet security:
"I am seeing a new malware infection vector via port 91714 coming from the IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page http://www.trythisoutnow.com/. In addition, it has credit card and pswd stealing capabilities and sends the details to a maildrop at trythisoutnow@gmail.com"
The only upside of being transparent is alerting the miscreant to change the vector and maildrop.
I disagree. *All* of that information would be useful for configuring filters at my border. Cheers, George AD7RL