Bugtraq mailing list archives
Re: RFC: virus handling
From: Dave Aronson <spamtrap.secfocus () dja mailme org>
Date: Wed, 28 Jan 2004 15:06:22 -0500
On Wed January 28 2004 10:45, Thomas Zehetbauer wrote:
> 3.1.2.) e-mail Alias and Web-Interface
> Additionally providers should provide e-mail aliases for the IP addresses of their customers (eg. customer at 127.0.0.1 can be reached via 127.0.0.1 () provider com)

This would vastly simplify dictionary-attack spamming.

> or a web interface with similar functionality.

Better, but still might be easily abused by scripting.

> 3.2.) Disconnect
> Providers should grant their customers some grace period to clean their infection and should thereafter be disconnected entirely or filtered based on protocol (eg. outgoing SMTP) or content (eg. transparent smarthost with virus scanner) until they testify that they have cleaned their system.

Grace, shmace! Viri can do their dirty work in a matter of seconds. How about the ISP *immediately* blocks just the port(s) in question? (Recognizing that that could be *all* ports.) It could unblock after some time period with no outbound virus infection (or phone home for orders, etc.) attempts, and of course reblock when any new such activity is detected.

--
Dave Aronson, Senior Software Engineer, Secure Software Inc.
(Opinions above NOT those of securesw.com unless so stated!)
Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org
Web: http://destined.to/program http://listen.to/davearonson
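
The block-immediately, unblock-after-a-quiet-period, reblock-on-new-activity policy proposed in the message above can be sketched as a small state tracker. This is an added example, not code from the post or from any ISP tooling; the `PortQuarantine` class, the one-hour `QUIET_PERIOD`, and the sample detections (a documentation IP address, ports 25 and 445) are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

QUIET_PERIOD = 3600  # assumed: seconds with no detections before a port is unblocked

@dataclass
class PortQuarantine:
    """Per-customer, per-port block list driven by detections (hypothetical helper)."""
    quiet_period: int = QUIET_PERIOD
    last_seen: dict = field(default_factory=dict)  # (customer, port) -> last detection time

    def detect(self, customer, port, now):
        """Block immediately on a detection; a repeat restarts the quiet period."""
        action = "extend" if self.is_blocked(customer, port, now) else "block"
        self.last_seen[(customer, port)] = now
        return action

    def is_blocked(self, customer, port, now):
        seen = self.last_seen.get((customer, port))
        return seen is not None and now - seen < self.quiet_period

    def expire(self, now):
        """Drop blocks whose quiet period has elapsed; return (release_time, customer, port)."""
        due = sorted((t + self.quiet_period, c, p)
                     for (c, p), t in self.last_seen.items()
                     if now - t >= self.quiet_period)
        for _, c, p in due:
            del self.last_seen[(c, p)]
        return due

def replay(events, quiet_period=QUIET_PERIOD):
    """Replay (timestamp, customer, port) detections and return the action log."""
    q, log = PortQuarantine(quiet_period), []
    for ts, customer, port in sorted(events):
        log += [(when, c, p, "unblock") for when, c, p in q.expire(ts)]
        log.append((ts, customer, port, q.detect(customer, port, ts)))
    return log

# Constructed sample: detections of outbound infection attempts from one customer.
SAMPLE = [(0, "192.0.2.10", 25), (600, "192.0.2.10", 25),
          (900, "192.0.2.10", 445), (5000, "192.0.2.10", 25)]

if __name__ == "__main__":
    for entry in replay(SAMPLE):
        print(entry)
```

Only the offending port is blocked, so the customer keeps other connectivity, and a detection during the quiet period restarts the timer rather than stacking a second block.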