[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)

Joshua D'Alton joshua at railgun.com.au
Wed May 29 16:52:00 EST 2013


Its the good samaritans dilemah. unfortunately western laws are so uptight
that the 'friendly' notification of a enormous issue is rarely seen as such.

sent from android
On May 29, 2013 4:31 PM, "Joseph Goldman" <joe at apcs.com.au> wrote:

> I wouldn't say they were 'advocating' the technique, merely pointing out
> it is the lesser of 2 evils. I'd much rather go through the hassle of
> reconfiguring users routers than dealing with the fallout of customer
> financial details being leaked from my system.
>
> I would prefer more someone call me and say 'Hey, i found this on your
> network, you should fix', but where's the lulz in that?
>
> On 29/05/13 16:28, PRK wrote:
>
>> On 2013-05-29 12:49, Tim March wrote:
>>
>>>
>>> Yeah, because the punters that are out there executing malicious
>>> network attacks 'for the lulz' would totally never do anything like
>>> that just in case the AFP kick their door in =)
>>>
>>> Besides, running Tor and `proxychains nmap -n -sT -sV -iL $input -oG
>>> $output -p 23` will pretty much do what you want and keep an attacker
>>> reasonably anonymous...
>>>
>>
>> On 2013-05-29 12:48, Heinz N wrote:
>>
>>>
>>> And what about those professional hackers in China & Russia that are
>>> quietly rerouting CPE DNS queries to their 'special' servers? (not for
>>> any lulz mind you, but for real $'s) What can the cops here do about
>>> them? I reckon it is better that your router goes down (for lulz) and
>>> you know that there IS a problem rather than it continuing to quietly
>>> just steal all your stuff for years and years. Better a router that
>>> goes down than your bank account! IMHO
>>>
>>
>> I am aghast that on a Network Operators Group, there are advocates of
>> erasing another operator's production router configuration as an acceptable
>> method of notifying said operator that they have a security vulnerability.
>>
>> prk
>>
>> ______________________________**_________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/**mailman/listinfo/ausnog<http://lists.ausnog.net/mailman/listinfo/ausnog>
>>
>
> ______________________________**_________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/**mailman/listinfo/ausnog<http://lists.ausnog.net/mailman/listinfo/ausnog>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130529/8e668c86/attachment.html>


More information about the AusNOG mailing list