| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Feb 2004 18:07:45 -0500 (EST) From: "James A. Thornton" <jamest@...38.infinite1der.org> To: Gadi Evron <ge@...uxbox.org> Cc: bugtraq@...urityfocus.com Subject: Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] On Tue, 3 Feb 2004, Gadi Evron wrote: > 3. I think we look at the whole problem in the wrong way, allow me to > elaborate: > > The AV industry is built on reaction rather than prevention. Adding > new signatures is still the #1 tool in the fight against malware. > > With spam and mass mailers clogging the tubes, causing us all to waste > money on bigger tubes, as well as our time dealing with the annoyance > (more money), shouldn't the problem be solved there (at the main tubes > themselves) rather than at the end user's desktop? > > If backbones filtered the top-10 current outbreaks, with non-intrusive > means such as for example running MD5 checksum checks against > attachments, or whatever other way - wouldn't it be better? True, it > may cause a cry of "the government spies on us, but with the current > economic troubles outbreaks cause, can we really use that excuse > anymore? Doesn't the police regulate speeding? Filtering at the backbone level is contraditory to 3.3, as the provider would have already sent the data out their Global ( or even National ) Peer so they're already paying for the increased data on the pipes. Also, the feat of filtering every packet, MD5'ing it, and dropping it would be an engineering marvel. (De-capsulation and re-encapsulation alone would require vasts amounts of processing power for that much data. ) Not to mention the end user resubmitting his request once he realizes that the recipient never got the message the first time. > > If I were to take the conspiratorial side, perhaps backbones like it > when people pay for tubes they don't need, which are used to deliver > 90% junk. > > Nobody wants to deal with "you are reading my mail!" or with "sorry, > now people will pay for smaller tubes", perhaps even at the ISP level > - "why should I pay for more filtering when it isn't demanded of me?". > > They are right, it isn't currently demanded of them. > > I would like to refer you to SpamCop (when it comes to spam) or > MessageLabs (for malware), it works. But you need to pay to get (most > of) their services. > There ARE ISP/provider level AV/Filtering products out that alleviate most of the sources of unwanted incoming and outgoing mail traffic. Of course, purchasing and implementation is up to the provider... _____________________________________________________________________ James A. Thornton UNIX System Administrator Atlanta, GA GnuPG fingerprint: 5A4E FF38 F255 78D2 EABC 63A5 6248 FBAB 293F EC0A
Powered by blists - more mailing lists