Message-ID: <200401281506.22283.spamtrap.secfocus@dja.mailme.org>
Date: Wed, 28 Jan 2004 15:06:22 -0500
From: Dave Aronson <spamtrap.secfocus@....mailme.org>
To: bugtraq@...urityfocus.com
Cc: Thomas Zehetbauer <thomasz@...tmaster.org>
Subject: Re: RFC: virus handling
On Wed January 28 2004 10:45, Thomas Zehetbauer wrote:
> 3.1.2.) e-mail Alias and Web-Interface
> Additionally providers should provide e-mail aliases for the IP
> addresses of their customers (e.g. customer at 127.0.0.1 can be
> reached via 127.0.0.1@...vider.com)
This would vastly simplify dictionary-attack spamming.
> or a web interface with similar functionality.
Better, but still might be easily abused by scripting.
> 3.2.) Disconnect
> Providers should grant their customers some grace period to clean
> their infection and should thereafter be disconnected entirely or
> filtered based on protocol (e.g. outgoing SMTP) or content (e.g.
> transparent smarthost with virus scanner) until they testify that
> they have cleaned their system.
Grace, shmace! Viri can do their dirty work in a matter of seconds.
How about the ISP *immediately* blocks just the port(s) in question?
(Recognizing that that could be *all* ports.) It could unblock after
some time period with no outbound virus infection (or phone home for
orders, etc.) attempts, and of course reblock when any new such
activity is detected.
--
Dave Aronson, Senior Software Engineer, Secure Software Inc.
(Opinions above NOT those of securesw.com unless so stated!)
Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org
Web: http://destined.to/program http://listen.to/davearonson
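
The policy suggested in the message above (block the port at once, unblock after a quiet period, re-block on new activity), sketched as an added example that is not part of the original post or its author's code. The one-hour quiet period, the function name `replay` and the sample events are assumptions.

```python
QUIET_PERIOD = 3600  # seconds with no detections before unblocking (assumed value)

# Constructed sample detections: (timestamp, customer IP, destination port).
EVENTS = [
    (0, "192.0.2.10", 25),
    (600, "192.0.2.10", 25),    # dropped by the filter, but still resets the clock
    (700, "192.0.2.77", 135),
    (5000, "192.0.2.10", 25),   # new activity after the port was released
]


def replay(events, quiet_period=QUIET_PERIOD):
    """Turn detections into ordered filter actions (ts, action, ip, port)."""
    last_seen = {}    # (ip, port) -> time of latest detection while blocked
    released = set()  # keys that were unblocked at least once
    actions = []
    for ts, ip, port in sorted(events):
        # Release every port whose quiet period elapsed before this event.
        for key, seen in sorted(last_seen.items()):
            if ts - seen >= quiet_period:
                actions.append((seen + quiet_period, "unblock", *key))
                released.add(key)
                del last_seen[key]
        key = (ip, port)
        if key not in last_seen:
            # Block immediately, with no grace period; only this port is affected.
            verb = "reblock" if key in released else "block"
            actions.append((ts, verb, ip, port))
        last_seen[key] = ts
    # Projected release times if no further activity is seen.
    for key, seen in sorted(last_seen.items()):
        actions.append((seen + quiet_period, "unblock", *key))
    actions.sort(key=lambda a: a[0])  # stable: unblock stays ahead of a same-second reblock
    return actions


if __name__ == "__main__":
    for action in replay(EVENTS):
        print(*action)
```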