
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v = 

"urn:schemas-microsoft-com:vml" xmlns:o = 

"urn:schemas-microsoft-com:office:office" xmlns:w = 

"urn:schemas-microsoft-com:office:word" xmlns:x = 

"urn:schemas-microsoft-com:office:excel" xmlns:p = 

"urn:schemas-microsoft-com:office:powerpoint" xmlns:a = 

"urn:schemas-microsoft-com:office:access" xmlns:dt = 

"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s = 

"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs = 

"urn:schemas-microsoft-com:rowset" xmlns:z = "#RowsetSchema" xmlns:b = 

"urn:schemas-microsoft-com:office:publisher" xmlns:ss = 

"urn:schemas-microsoft-com:office:spreadsheet" xmlns:c = 

"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc = 

"urn:schemas-microsoft-com:office:odc" xmlns:oa = 

"urn:schemas-microsoft-com:office:activation" xmlns:html = 

"http://www.w3.org/TR/REC-html40" xmlns:q = 

"http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc = 

"http://microsoft.com/officenet/conferencing" XMLNS:D = "DAV:" XMLNS:Repl = 

"http://schemas.microsoft.com/repl/" xmlns:mt = 

"http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2 = 

"http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda = 

"http://www.passport.com/NameSpace.xsd" xmlns:ois = 

"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir = 

"http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds = 

"http://www.w3.org/2000/09/xmldsig#" xmlns:dsp = 

"http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc = 

"http://schemas.microsoft.com/data/udc" xmlns:xsd = 

"http://www.w3.org/2001/XMLSchema" xmlns:sub = 

"http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec = 

"http://www.w3.org/2001/04/xmlenc#" xmlns:sp = 

"http://schemas.microsoft.com/sharepoint/" xmlns:sps = 

"http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi = 

"http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs = 

"http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf = 

"http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p = 

"http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf = 

"http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss = 

"http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi = 

"http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi = 

"http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver = 

"http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m = 

"http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels = 

"http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp = 

"http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t = 

"http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m = 

"http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl = 

"http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl = 

"http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" 

XMLNS:Z = "urn:schemas-microsoft-com:" xmlns:st = ""><HEAD>

<META http-equiv=Content-Type content="text/html; charset=us-ascii">

<META content="MSHTML 6.00.2900.3660" name=GENERATOR>

<STYLE>@font-face {

        font-family: Calibri;

}

@font-face {

        font-family: Tahoma;

}

@page Section1 {size: 612.0pt 792.0pt; margin: 72.0pt 72.0pt 72.0pt 72.0pt; }

P.MsoNormal {

        FONT-SIZE: 11pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Calibri","sans-serif"

}

LI.MsoNormal {

        FONT-SIZE: 11pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Calibri","sans-serif"

}

DIV.MsoNormal {

        FONT-SIZE: 11pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Calibri","sans-serif"

}

A:link {

        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99

}

SPAN.MsoHyperlink {

        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99

}

A:visited {

        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99

}

SPAN.MsoHyperlinkFollowed {

        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99

}

P.MsoAcetate {

        FONT-SIZE: 8pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text Char"

}

LI.MsoAcetate {

        FONT-SIZE: 8pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text Char"

}

DIV.MsoAcetate {

        FONT-SIZE: 8pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text Char"

}

SPAN.EmailStyle17 {

        COLOR: windowtext; FONT-FAMILY: "Arial","sans-serif"; mso-style-type: personal-compose

}

SPAN.BalloonTextChar {

        FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text"; mso-style-name: "Balloon Text Char"

}

.MsoChpDefault {

        mso-style-type: export-only

}

DIV.Section1 {

        page: Section1

}

</STYLE>

<!--[if gte mso 9]><xml>

 <o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

 <o:shapelayout v:ext="edit">

  <o:idmap v:ext="edit" data="1" />

 </o:shapelayout></xml><![endif]--></HEAD>

<BODY lang=EN-AU vLink=purple link=blue>

<DIV dir=ltr align=left><SPAN class=495311807-01072010><FONT face=Arial 

color=#0000ff size=2>I would obfuscate it because 

it's possible that source was in turn a compromised host being used to 

stage an attack, just as the attacker used your machine to attack other 

hosts.</FONT></SPAN></DIV>

<DIV dir=ltr align=left><SPAN class=495311807-01072010><FONT face=Arial 

color=#0000ff size=2></FONT></SPAN> </DIV>

<DIV dir=ltr align=left><SPAN class=495311807-01072010><FONT face=Arial 

color=#0000ff size=2>How would you feel about another blogger including 

your IP as a result of this next phase?</FONT></SPAN></DIV>

<DIV dir=ltr align=left><SPAN class=495311807-01072010><FONT face=Arial 

color=#0000ff size=2></FONT></SPAN> </DIV>

<DIV dir=ltr align=left><SPAN class=495311807-01072010><FONT face=Arial 

color=#0000ff size=2>It's probably of more value to report that IP to 

dsheild or mynetwatchman etc etc, that way others can train their firewalls to 

block attacks from this host, and said users ISP gets notified 

(possibly)</FONT></SPAN></DIV>

<DIV dir=ltr align=left><SPAN class=495311807-01072010><FONT face=Arial 

color=#0000ff size=2></FONT></SPAN> </DIV>

<DIV dir=ltr align=left><SPAN class=495311807-01072010><FONT face=Arial 

color=#0000ff size=2>Also by publishing these details you risk provoking 

your attacker into further targeting you personally, a brave but naive stratergy 

IMHO.</FONT></SPAN></DIV>

<DIV dir=ltr align=left><SPAN class=495311807-01072010><FONT face=Arial 

color=#0000ff size=2></FONT></SPAN> </DIV>

<DIV dir=ltr align=left>

<HR tabIndex=-1>

</DIV>

<DIV dir=ltr align=left><FONT face=Tahoma size=2><B>From:</B> 

ausnog-bounces@lists.ausnog.net [mailto:ausnog-bounces@lists.ausnog.net] <B>On 

Behalf Of </B>Daniel Hood<BR><B>Sent:</B> Thursday, 1 July 2010 4:59 

PM<BR><B>To:</B> ausnog@ausnog.net<BR><B>Subject:</B> [AusNOG] Disclosing IP 

addresses<BR></FONT><BR></DIV>

<DIV></DIV>

<DIV class=Section1>

<P class=MsoNormal><SPAN 

style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Ausnog,<o:p></o:p></SPAN></P>

<P class=MsoNormal><SPAN 

style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><o:p> </o:p></SPAN></P>

<P class=MsoNormal><SPAN lang=EN-US 

style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Wondering for those 

of us who do a bit of security research here and there. Whats everyones opinions 

with disclosing IP addresses?<o:p></o:p></SPAN></P>

<P class=MsoNormal><SPAN lang=EN-US 

style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><o:p> </o:p></SPAN></P>

<P class=MsoNormal><SPAN lang=EN-US 

style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">An example would be, 

I wrote this post here:<o:p></o:p></SPAN></P>

<P class=MsoNormal><SPAN lang=EN-US 

style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><o:p> </o:p></SPAN></P>

<P class=MsoNormal><A href="http://www.poweredsecurity.com/?p=83"><SPAN 

style="COLOR: windowtext">http://www.poweredsecurity.com/?p=83</SPAN></A><o:p></o:p></P>

<P class=MsoNormal><o:p> </o:p></P>

<P class=MsoNormal>I’m wondering is it Ok to have disclosed the IP addresses in 

the post as they were part of the logs. Or whether I should xxx them out? They 

aren’t my IP addresses. <o:p></o:p></P>

<P class=MsoNormal><o:p> </o:p></P>

<P class=MsoNormal>Dan<SPAN lang=EN-US 

style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><o:p></o:p></SPAN></P></DIV></BODY></HTML>