[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

forwarded msg

To: afnog at afnog.org
Subject: forwarded msg
From: Charles Musisi <cmusisi at uol.co.ug>
Date: Fri, 21 Sep 2001 23:59:28 +0300
Content-Type: text/plain; charset="us-ascii"; format=flowed
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: <afnog at afnog.org>
Sender: owner-afnog at uol.co.ug

X-Sender: byfraser at mira-sjc5-4.cisco.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Fri, 21 Sep 2001 12:08:40 -0700
To: Brian Longwe <cto at nbi.ispkenya.com>
From: Barbara Fraser <byfraser at cisco.com>
Subject: Re: NIMDA Horror
Cc: Randy Bush <randy at psg.com>, bgreene at cisco.com, blongwe at psg.com,
         gagbey at ghana.com, afnog at afnog.org, byf at cisco.com
In-Reply-To: <20010921212853.207706f3.cto at nbi.ispkenya.com>
References: <E15kS0p-000J84-00 at rip.psg.com>
  <20010921133906.55e3b0b4.blongwe at psg.com>
  <NCBBLBFHCNNFFCBBHDEHAEAFODAA.bgreene at cisco.com>
  <E15kS0p-000J84-00 at rip.psg.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

I'd like to emphasize what Barry was saying. The FIRST (Forum of Incident
community shares and confers with each other as soon as a threat is
discovered. Information is shared as knowledge about the nature of the
threat, fixes, and workarounds is evolving. Official advisories go out once
there is a set of information ready for consumption. This means there will
always be a delay between the time something is discovered and the time
when information can be well-written, tested, and then distributed. All of
this means you need to be connected to the inside information which you get
by having an established CERT team and association with the FIRST
community. And as also mentioned, operations lists will generally provide
similar early information.

The list of incident response teams that are members of FIRST can be found
at www.first.org. I'm not aware of any teams on the continent of Africa but
it sure seems it's time to change that :-).  Perhaps at the next AFNOG
meeting, there would be time for a presentation on response teams and a BoF
for folks interested in setting one up. Just a thought.

Barb

At 09:28 PM 9/21/2001 +0300, Brian Longwe wrote:
 >On Fri, 21 Sep 2001 08:14:43 -0700
 >Randy Bush <randy at psg.com> wrote:
 >
 > > > My suggestion is that you create an 'afri-cert' alias.
 > >
 > > is there an asia-cert alias?  a us-cert alias or na-cert alias?  why 
not do
 > > as lucy suggests and join the mainstream?  and, as lucy hinted, the cert
 > > announcement was one of the latest warnings.  normal ops lists were the
 > > earliest.
 > >
 >
 >One of the problems with the "mainstream" is the timezone difference. A
 >couple of hours can make a whole lot of difference with the kind of
 >network attacks being seen nowadays...I agree with the "contextualized"
 >version.
 >
 >Longwe

-----
This is the afnog mailing list, managed by Majordomo 1.94.4

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org

Prev by Date: Re: NIMDA Horror
Next by Date: Re: NIMDA Horror
Prev by thread: Re: NIMDA Horror
Next by thread: Re: NIMDA Horror
Index(es):
- Date
- Thread