Date: Wed, 28 Jan 2004 15:06:22 -0500
From: Dave Aronson <>
Cc: Thomas Zehetbauer <>
Subject: Re: RFC: virus handling

On Wed January 28 2004 10:45, Thomas Zehetbauer wrote:

 > 3.1.2.) e-mail Alias and Web-Interface
 > Additionally providers should provide e-mail aliases for the IP
 > addresses of their customers (eg. customer at can be
 > reached via

This would vastly simplify dictionary-attack spamming.

 > or a web interface with similar functionality.

Better, but still might be easily abused by scripting.

 > 3.2.) Disconnect
 > Providers should grant their customers some grace period to clean
 > their infection and should thereafter be disconnected entirely or
 > filtered based on protocol (eg. outgoing SMTP) or content (eg.
 > transparent smarthost with virus scanner) until they testify that
 > they have cleaned their system.

Grace, shmace!  Viri can do their dirty work in a matter of seconds.  
How about the ISP *immediately* blocks just the port(s) in question?  
(Recognizing that that could be *all* ports.)  It could unblock after 
some time period with no outbound virus infection (or phone home for 
orders, etc.) attempts, and of course reblock when any new such 
activity is detected.

Dave Aronson, Senior Software Engineer, Secure Software Inc.
(Opinions above NOT those of unless so stated!)
Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org
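
The block/unblock/reblock cycle proposed in the reply above, sketched as an added example that is not part of the original message. It assumes the provider's filter already labels each outbound attempt as malicious or not; the customer name, the one-hour quiet period and the sample events are constructed for illustration.

```python
from dataclasses import dataclass, field

QUIET_PERIOD = 3600  # assumed value: seconds with no detections before unblocking

@dataclass
class PortQuarantine:
    """Per-customer, per-port outbound block with no grace period."""
    quiet_period: int = QUIET_PERIOD
    # (customer, port) -> timestamp of the most recent malicious attempt
    last_hit: dict = field(default_factory=dict)

    def is_blocked(self, ts, customer, port):
        hit = self.last_hit.get((customer, port))
        if hit is None:
            return False
        if ts - hit >= self.quiet_period:
            del self.last_hit[(customer, port)]  # quiet long enough: unblock
            return False
        return True

    def observe(self, ts, customer, port, malicious):
        """Feed one outbound attempt; return 'drop' or 'pass'."""
        if malicious:
            # Block at once; a detection while blocked restarts the quiet clock.
            self.last_hit[(customer, port)] = ts
            return "drop"
        return "drop" if self.is_blocked(ts, customer, port) else "pass"

    def blocked_ports(self, ts, customer):
        return sorted(p for (c, p) in list(self.last_hit)
                      if c == customer and self.is_blocked(ts, c, p))

# Constructed sample: (timestamp, customer, port, flagged by scanner)
EVENTS = [
    (0,    "cust-a", 25, True),   # infected mail seen: port 25 blocked
    (10,   "cust-a", 80, False),  # other ports stay open
    (20,   "cust-a", 25, False),  # clean mail is dropped while blocked
    (1800, "cust-a", 25, True),   # still infected: clock restarts
    (5000, "cust-a", 25, False),  # only 3200 s quiet: still blocked
    (5400, "cust-a", 25, False),  # 3600 s quiet: unblocked
    (5500, "cust-a", 25, True),   # new activity: reblocked
]

def replay(events, quarantine=None):
    q = quarantine or PortQuarantine()
    return [q.observe(*e) for e in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)):
        print(event, verdict)
```

Attempts against a blocked port are still inspected, which is what lets a continuing infection keep the block in place and a cleaned system age out of it.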
