Bugtraq mailing list archives
Re: Ruh-Roh SOBIG.G?
From: Dragos Ruiu <dr () kyx net>
Date: Thu, 25 Sep 2003 14:36:06 -0700
On September 25, 2003 08:48 am, Nick Fisher wrote:
As you point out above, one of the biggest problems with SoBig was the bandwidth usage. As such, wouldn't it be better to DISCARD the messages and not REJECT them? SoBig spoofs return addresses, why do you have to clog my mail server with bounce messages just because SoBig was spoofing one of my customers' addresses?
On September 25, 2003 08:32 am, Mike Zupan wrote:
I don't know if it's just me but why add to the problem. Don't REJECT it, just DISCARD it. I've got more bounced mail coming from email that is getting spoofed that mailservers are rejecting than the actual virus itself. I set up a discard and already discarded 550 emails.
Well SOBIG's mail relay is hardly well behaved. I thought REJECT was more appropriate. SOBIG won't send bounces on REJECT, and that way other people who get caught by this will get some diagnostic (since it is the sender relay that sends the bounce).

BTW I've put a copy of my received samples and analysis files at http://dragos.com/sobig.tgz

cheers,
--dr

--
pgpkey http://dragos.com/ kyxpgp