BlackWorm infected IP's reporting

Hi,

> >
> >
> > Hi.
> >
> > In the next day or so some of us will cooperate to bring to the
> > attention of all effected AS's information about infected users in their
> > net-space.
>
> That would be "affected".
>
> > This will be coordinated with several groups and organizations. Please
> > expect these emails, thanks.
>
> In other words, NANOG is a step child of these and we'll only see
> the PR? If you're going to keep the mitigations off of NANOG, it's
> probably safe to keep it all off. We all read newspapers, blogs, and
> slashdot.

sorry, but i couldn't understand your problem. I think it's just a
usefull information, wich AS is infected by a critical worm. Also i
relay this information to people, who think this informations are
usefull, too.

Ok, perhaps there are people to advertise themselves, but why not? When
they invest time in this work, why aren't they allowed to get some kind
of approval?

Nah, we already know who those people are. It's more like if you keep
predicting a blizzard and I wake up and there was a misting of rain,
I keep getting less and less interested in the predictions. It costs
real money to get these dances going and unless you're going to give
us all the information, please don't bother. The snort SIDS were
nice, but as far as I am concerned, IL-CERT is not a trusted
source.

The third story about this horrrible worm:

http://www.commentwire.com/article_news.asp?guid=20856A5C-3952-4F2C-913A-1E963F902D41

If I don't see SANS running around with their capes off, I don't
really pay too much attention. The last one wasn't a big hit like
they thought, but they do good work. I "trust" them more than
I trust IL-CERT telling North Americans to drop our hotdogs, turn
off our football, and get ready for "worms". I'd hope to see US-CERT
continue making progress and telling North Americans when to worry.

The work everyone is doing is fantastic, but it's pretty clear
trust is being ignored and while we're ont he subject proper delivery
of files with checksums etc. It ain't happening anymore.

-M<

Serious answers: (much like your 'serious questions'):

If I don't see SANS running around with their capes off, I don't

http://isc.sans.org/blackworm
Further, our reports lead to a SANS ISC temporary URL's for each AS.

really pay too much attention. The last one wasn't a big hit like
they thought, but they do good work. I "trust" them more than I trust IL-CERT telling North Americans to drop our hotdogs, turn

I don't work for IL-CERT (which is actually the GOV cert, not IL-CERT), except in an advisory capacity volunteer-base now. I.e., I am a civilian now.

off our football, and get ready for "worms". I'd hope to see US-CERT
continue making progress and telling North Americans when to worry.

US-CERT is kept in the loop every step of the way, as is the FBI, Secret Service and a lot of others who contribute from their time and effort. We can all criticize others, it's easy. How about you start pulling your own weight instead of causing havoc non-stop?

Is this some sort of VeriSign plot or did you come up with it all on your own?

The work everyone is doing is fantastic, but it's pretty clear
trust is being ignored

I am not one to keep my mouth shut. I am also not one to answer idi.. err, donkies. Still, I kept quiet about you for a long time, as ignoring trolls is usually the best way of handling them.

I am often "emotional", straight-forward and tactless, i.e. == rude for some people, which is why I try and speak differently to non-Israelies.
Unlike you, I don't impede progress or pick personal fights as a regular day-to-day sport. As the mods say nothing to you for a long time now, I suppose your kind of behavior is fair game.

So...

Are you going to stop being a troll about everything "IL-CERT" does, I do or anyone else except for you does?

What is it you do again? Anything what-so-ever?
Or is it just: pick up on someone and act the a**-h*le so that you can gain respect in the quick and dirty route, because some tech is in there and you act like someone who is authoritative in writing?
Use flame techniques such as quote only portions of the text, reply to something a tad bit different than what was written or ignore some of what the other guy said?
Anything else?

Last time that resulted in harming a big operational forum with one of the mods quitting (who also just HAPPENED to be an Israeli). You should be ashamed. Luckily it usually ends with only flame wars.

You use your own name rather than VeriSign's in everything yet are not afraid to speak openly for VeriSign when it suits you. What is it you do on nanog?

I've had enough. I knew it was a mistake to quit ignoring you and it probably is a mistake to reply to you, but your personal attacks can't go on, even under the mask of "concern". Have the GUTS to come out and say what you want, or is it just flaming?

Some of us work day and night on local operational issues, others work day and night on the survivability of the Internet itself.

And you? Google the wikipedia entry for "STFU".

  Gadi.

Just so people don't get confused: IL-CERT has nothing to do with what
Gadi posted and I don't seem to remember that Gadi included any mention of
IL-CERT in his postings. In addition, if anyone has any problems with the
trustworthiness of IL-CERT (Israeli Academic CERT) as listed on FIRST:
http://www.first.org/about/organization/teams/index.html
then they should raise that issue with the FIRST secretariat and on the
FIRST mailing lists where we can counter any claims to the otherwise.

Hank Nussbacher
ILAN-CERT representative
IUCC

What is it you do again? Anything what-so-ever?

Martin is the 21st century version of Jim Fleming and
Jeff Williams. He entertains us with his hyperbole.

Does anyone take him seriously anymore?

Martin is the 21st century version of Jim Fleming and
Jeff Williams. He entertains us with his hyperbole.

i don't know if i'd go THAT far. none of those (fleming, williams, hannigan)
entertains me with their nanog posts. (and neither does gadi.) with usenet
gone, we just don't teach our kids entertainment-level hyperbole any more.