Full Disclosure mailing list archives

RE: AV "feature" does more DDoS than Sobig


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 28 Aug 2003 10:28:49 -0400

   >>> Any sort of automated response based on perceived 
   >>> sender IP address is not only brain-dead, but irresponsible.

In the case of Sobig, it's the return email address which is false.  The
bogus warning messages are being sent to these forged email addresses. 

The originating IP address in the email headers of a Sobig message
should be accurate in most cases.  Sobig talks directly to the SMTP
server for the email address that Sobig is sending a copy of itself to.


Richard
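
An added illustration of the distinction drawn in the message above (not part of the original post): the `From:` header is whatever the sender wrote, while the `Received:` line stamped by the recipient's own MX records the IP that actually connected. The sample message, the host names and the `mx.example.org` trust boundary are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample message; every host and address is made up.
SAMPLE = """\
Received: from mailstore.example.org (mailstore.example.org [192.0.2.10])
\tby inbox.example.org with ESMTP id 2; Thu, 28 Aug 2003 10:01:07 -0400
Received: from PC-4417 (dsl-77.example.net [203.0.113.77])
\tby mx.example.org with ESMTP id 1; Thu, 28 Aug 2003 10:01:05 -0400
Received: from relay.bogus.example ([198.51.100.5])
\tby PC-4417 with SMTP; Thu, 28 Aug 2003 09:00:00 -0400
From: innocent.bystander@example.com
To: victim@example.org
Subject: Re: Details

See the attached file for details
"""

# "from <helo> ([rdns ][ip]) by <host>" as stamped by the receiving server.
RECEIVED = re.compile(
    r"from\s+\S+\s+\((?:\S+\s+)?\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")


def smtp_peer(raw, trusted_mx):
    """IP that connected to our own MX, or None if our MX stamped nothing."""
    msg = message_from_string(raw)
    # Received headers are newest first. Only the line written by a server
    # we operate is trustworthy; anything below it came from the sender.
    for hdr in msg.get_all("Received", []):
        m = RECEIVED.search(hdr)
        if m and m.group("by").lower() == trusted_mx.lower():
            return m.group("ip")
    return None


def alert_record(raw, trusted_mx):
    """What a scanner can log after a detection, without mailing anyone."""
    msg = message_from_string(raw)
    return {
        "peer_ip": smtp_peer(raw, trusted_mx),  # recorded by our own server
        "claimed_from": msg["From"],            # sender-controlled, log only
    }


if __name__ == "__main__":
    print(alert_record(SAMPLE, "mx.example.org"))
```

The bottom `Received:` line in the sample stands for a header supplied by the sending machine; it is skipped because it was not written by the trusted MX.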



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

