Bugtraq mailing list archives
Re: RFC: virus handling
From: Shawn McMahon <smcmahon () eiv com>
Date: Thu, 5 Feb 2004 07:52:25 -0500
On Wed, Feb 04, 2004 at 01:44:30PM +0000, Ben Wheeler said:
> cannot possibly verify whether each report is legitimate or not. So they
> would have a choice of either:
> 1. Ignore all reports. "It's not our job to protect our lusers from viruses."
> or
> 2. Automatically take action against all reports. Thus it becomes a great
> way to DoS your enemies, just report them as infected.

You're forgetting a third option:

Find or develop a method of scanning their hosts for the virus/worm/trojan/foo, and cut off access on the necessary ports when those hosts are found.

That's what Road Runner, for instance, did in some areas in response to Code Red and Nimda.

A more extreme position (that I favor) is to put a note in the account's file that they are infected and causing a problem, then cut off their access entirely. When they call tech support, they find out they're infected.

If ISPs do this (and as I've stated, some do), then reporting infections to them is vital, because unless they understand that it's a large number of their users, they won't bother dealing with it.

--
Shawn McMahon     | Let every nation know, whether it wishes us well or ill,
EIV Consulting    | that we shall pay any price, bear any burden, meet any
UNIX and Linux    | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK