[AusNOG] Disclosing IP addresses

Pinkerton, Eric Eric.Pinkerton at team.telstra.com
Thu Jul 1 17:32:01 EST 2010


I would obfuscate it because it's possible that source was in turn a compromised host being used to stage an attack, just as the attacker used your machine to attack other hosts.

How would you feel about another blogger including your IP as a result of this next phase?

It's probably of more value to report that IP to dsheild or mynetwatchman etc etc, that way others can train their firewalls to block attacks from this host, and said users ISP gets notified (possibly)

Also by publishing these details you risk provoking your attacker into further targeting you personally, a brave but naive stratergy IMHO.

________________________________
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Daniel Hood
Sent: Thursday, 1 July 2010 4:59 PM
To: ausnog at ausnog.net
Subject: [AusNOG] Disclosing IP addresses

Ausnog,

Wondering for those of us who do a bit of security research here and there. Whats everyones opinions with disclosing IP addresses?

An example would be, I wrote this post here:

http://www.poweredsecurity.com/?p=83

I'm wondering is it Ok to have disclosed the IP addresses in the post as they were part of the logs. Or whether I should xxx them out? They aren't my IP addresses.

Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100701/6df004e1/attachment.html>


More information about the AusNOG mailing list