| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Jan 2004 15:33:36 -0500 From: "Mike Healan" <mike@...wareinfo.com> To: "Thomas Zehetbauer" <thomasz@...tmaster.org>, <bugtraq@...urityfocus.com> Subject: Re: virus handling > 3.1.1.) Abuse Role Account > Providers should provide an adequately stuffed abuse role account Typo: "stuffed" > "staffed" > 3.1.2.) e-mail Alias and Web-Interface > Additionally providers should provide e-mail aliases for the IP > addresses of their customers (eg. customer at 127.0.0.1 can be reached > via 127.0.0.1@...vider.com) or a web interface with similiar > functionality. The latter should be provided when dynamically assigned > IP addresses are used for which an additional timestamp is required. I would disagree with 3.1.2. Otherwise you could end up with direct marketing companies such as Doubleclick harvesting the IP addresses accessing their banner ads and then sending UCE to those people. Or for that matter, it could lead to a mass attack with someone sending UCE to every IP address allocated to an ISP. *Someone* probably will be using that IP and spammers clearly don't care who sees their spam. Otherwise I entirely agree with this. Bouncing a virus-infected email is worse than useless. It is active participation in the distribution of the worm and the damage to networks it is causing. Regards, Mike Healan Editor www.spywareinfo.com ----- Original Message ----- From: "Thomas Zehetbauer" <thomasz@...tmaster.org> To: <bugtraq@...urityfocus.com> Sent: Wednesday, January 28, 2004 10:45 AM Subject: RFC: virus handling
Powered by blists - more mailing lists