28 Aug
2003
28 Aug
'03
4:12 p.m.
At 12:54 PM 28/08/2003 -0700, Dan Hollis wrote:
Alternatively, perhaps we could, instead, publish an INFECTED SYSTEMS blacklist based on such connections to a honeypot. Any system which made the correct request could then have it's address published via BGP or DNS for ISPs and the like to do as they wish.
an infected host dnsrbl doesnt sound like a bad idea...
I dont think this would work too well. The users who are infected often think something is wrong because their connection and computer are not working quite right. So they disconnect / reconnect / reboot so they burn through quite a few dynamic IP addresses along the way. ---Mike