Educause Security Discussion mailing list archives
Re: Sobig Traffic
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Tue, 9 Sep 2003 14:45:06 -0500
I've asked our Messaging team for specific technical details...as was said in another reply, I'm sure it's fairly simple procmail rules. I think the subject component of the RFC 822 header is fairly easy (and quick) to check.

M.

--
Mark S. Bruhn, CISSP, CISM
Chief IT Security and Policy Officer
Associate Director, Center for Applied Cybersecurity Research (http://cacr.iu.edu)
Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326
Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu

-----Original Message-----
From: Greg Graeff [mailto:ggraeff () PPC EDU]
Sent: Tuesday, September 09, 2003 7:41 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Sobig Traffic

If you are doing this with sendmail, can you share this with the group? Thanks.

-Greg

-----Original Message-----
From: Bruhn, Mark S. [mailto:mbruhn () INDIANA EDU]
Sent: Monday, September 08, 2003 12:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Sobig Traffic

We're filtering on these subject lines, at our mail relays. Obviously, some of these can easily be legitimate subjects, but we've had very few complaints.

M.

Re: Thank you!
Thank you!
Your details
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

--
Mark S. Bruhn, CISSP
Chief IT Security and Policy Officer
Indiana University
812-855-0326

-----Original Message-----
From: Barros, Jacob [mailto:jkbarros () GRACE EDU]
Sent: Monday, September 08, 2003 11:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Sobig Traffic

Our Exchange server is still getting hit with email messages containing the Sobig.f virus. The viruses are being deleted but we're losing system resources in the process. Do any of you know if there is a way that I can filter/block those messages before they hit the Exchange server? Can it even be done or should we just ride out the storm? Am I on the wrong track in thinking that this bug is on the outside and in fact may be resident on one of our internal machines?

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
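
A subject-only relay check of the kind discussed in this thread, as an added example that is not from any of the posters or from their sites' configurations. It reads only the RFC 822 headers and shows the trade-off mentioned above: a legitimate message with a listed subject is caught too. The function names, the accept/reject actions, the case-insensitive exact match and the sample messages are assumptions made for the example.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject lines quoted in the thread above. Case-insensitive, whole-subject
# matching is an assumption of this example, not a detail from the thread.
BLOCKED_SUBJECTS = frozenset(s.lower() for s in (
    "Re: Thank you!", "Thank you!", "Your details", "Re: Details",
    "Re: Re: My details", "Re: Approved", "Re: Your application",
    "Re: Wicked screensaver", "Re: That movie",
))

def normalized_subject(raw_message: str) -> str:
    """Return the Subject header unfolded, RFC 2047-decoded and lowercased."""
    msg = message_from_string(raw_message)  # only headers are examined below
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    return re.sub(r"\s+", " ", subject).strip().lower()

def relay_action(raw_message: str) -> str:
    """Hypothetical relay decision: 'reject' on an exact subject match."""
    if normalized_subject(raw_message) in BLOCKED_SUBJECTS:
        return "reject"
    return "accept"

# Constructed sample messages; addresses and bodies are made up.
SAMPLES = {
    "listed": "From: a@example.org\nSubject: Re: Wicked screensaver\n\nbody\n",
    # Folded header: the subject continues on an indented second line.
    "folded": "From: b@example.org\nSubject: Re: Re:\n My details\n\nbody\n",
    # RFC 2047 encoded-word form of "Re: Approved".
    "encoded": "From: c@example.org\nSubject: =?utf-8?q?Re=3A_Approved?=\n\nbody\n",
    # Longer legitimate subject: an exact match lets it through.
    "longer": "From: d@example.org\nSubject: Re: Your application for fall\n\nbody\n",
    # Legitimate mail with a listed subject: rejected (the false-positive cost).
    "legit": "From: e@example.org\nSubject: Thank you!\n\nThanks for the notes.\n",
}

def classify_samples() -> dict:
    return {name: relay_action(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in classify_samples().items():
        print(f"{name:8} {action}")
```
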