Full Disclosure mailing list archives
Re: Backdoor not recognized by Kaspersky
From: "Lan Guy" <rlanguy () hotmail com>
Date: Thu, 4 Mar 2004 09:47:40 +0200
One ISP here in Israel, has tried to do something about this.They block all TCP traffic on port 25 (bi di) except for there own mail servers IP They also have a limited amount of "allowed" IP addresses, such as other ISP's but that is it.
Lan Guy----- Original Message ----- From: "Mike Barushok" <mikehome () kcisp net>
Cc: <full-disclosure () lists netsys com> Sent: Thursday, March 04, 2004 8:01 AM Subject: RE: [Full-disclosure] Backdoor not recognized by Kaspersky
On Wed, 3 Mar 2004, Larry Seltzer wrote:>>I feel the need to address the problem from an ISP perspective, since >>the corporate and government and other institutional persective seems to give different answers. And because the ISP end user problem is still the majority of the reservoir for viruses (andspam proxy/relay/trojans).I really feel for you guys. As I've argued in another thread, I think SMTP authentication will likely cut this stuff down to a trickle compared to the current volume. As an ISP, how big a problem would you have with that. An even better question: Would you have a problem implementing SPF, Caller ID and Domain Keys (i.e. all 3)? It gets to the same issue of changing practices for your users: at some point you have toeither bounce or segregate mail that doesn't authenticate.SMTP auth does not help at all. A virus that delivers email via it's own SMTP engine completely bypasses the end users ISP server(s). And if the recipient server does not allow incoming mail from wherever it is presented from, then incoming mail will simply be broken unless there is some sort of SPF. But, SPF, caller-ID, and Domain keys all have major unsolved issues with forwards, aliases, corporate employees checking their work mail and needing to reply through their home connection ISP, but with their company 'From: ' address and several other common scenarios. Until their is universal adoption of some add on to SMTP, nobody can reject all non-conforming mail safely. All implementations create a much greater load on DNS. The real issue is that their is no possible algorithmic solution to rejecting email reliably based on any of its source, its content, or any combination. Then there is the 'rejection' problem. If the mail is not accepted, laws prohibit silently discarding it. But any reasonable method of attempting to bounce it back to its source after accepting it for examination is a completely easily exploited back door the spammers and virus writers will use to deliver mail. So, the only practical point in the process to decline the mail is before the data is sent. A transient error may result only it retries every five minutes for the next four days. A permanent error may result a cached failure that affects all email for a period of time. And the delivery back to the apparent sender within the sending ISP is still available as an infection vector. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Backdoor not recognized by Kaspersky, (continued)
- RE: Backdoor not recognized by Kaspersky madsaxon (Mar 03)
- RE: Backdoor not recognized by Kaspersky Rob Rosenberger (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky Schmehl, Paul L (Mar 03)
- Re[2]: Backdoor not recognized by Kaspersky Simbabque (Mar 03)
- RE: Backdoor not recognized by Kaspersky Mike Barushok (Mar 03)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 03)
- SMTP "authentication" (was: RE: Backdoor not recognized by Kaspersky) Nick FitzGerald (Mar 03)
- SMTP authentication will save the world (was: EXE not recognized in passworded ZIP by Kaspersky) Martin Mačok (Mar 03)
- RE: Backdoor not recognized by Kaspersky Mike Barushok (Mar 03)
- Re: Backdoor not recognized by Kaspersky Lan Guy (Mar 04)
- RE: Backdoor not recognized by Kaspersky Matthew C. Beckman (Mar 04)
- RFC and silent discarding of e-mails (was: Backdoor not recognized by Kaspersky) Martin Mačok (Mar 04)
- Re: RFC and silent discarding of e-mails Luís Bruno (Mar 04)
- Re: RFC and silent discarding of e-mails Martin Mačok (Mar 04)
- Re: RFC and silent discarding of e-mails Luís Bruno (Mar 04)
- RE: Backdoor not recognized by Kaspersky madsaxon (Mar 03)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 04)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 04)
- Re: Backdoor not recognized by Kaspersky Valdis . Kletnieks (Mar 04)
- RE: Backdoor not recognized by Kaspersky Sean Crawford (Mar 04)
- Re: Backdoor not recognized by Kaspersky Rodrigo Barbosa (Mar 04)