lists.openwall.net
Open Source and information security mailing list archives
 
Message-ID: <Pine.GSO.4.10.10402031748300.13419-100000@u-238>
Date: Tue, 3 Feb 2004 18:07:45 -0500 (EST)
From: "James A. Thornton" <jamest@...38.infinite1der.org>
To: Gadi Evron <ge@...uxbox.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus
 handling]




On Tue, 3 Feb 2004, Gadi Evron wrote:

> 3. I think we look at the whole problem in the wrong way, allow me to
> elaborate:
> 
> The AV industry is built on reaction rather than prevention. Adding
> new signatures is still the #1 tool in the fight against malware.
> 
> With spam and mass mailers clogging the tubes, causing us all to waste
> money on bigger tubes, as well as our time dealing with the annoyance
> (more money), shouldn't the problem be solved there (at the main tubes
> themselves) rather than at the end user's desktop?
> 
> If backbones filtered the top-10 current outbreaks, with non-intrusive
> means such as for example running MD5 checksum checks against
> attachments, or whatever other way - wouldn't it be better? True, it
> may cause a cry of "the government spies on us", but with the current
> economic troubles outbreaks cause, can we really use that excuse
> anymore? Doesn't the police regulate speeding?

Filtering at the backbone level is contradictory to 3.3, as the provider
would have already sent the data out their Global (or even National)
Peer so they're already paying for the increased data on the pipes. Also,
the feat of filtering every packet, MD5'ing it, and dropping it would be
an engineering marvel. (De-capsulation and re-encapsulation alone would
require vast amounts of processing power for that much data.) Not to
mention the end user resubmitting his request once he realizes that the
recipient never got the message the first time.

> 
> If I were to take the conspiratorial side, perhaps backbones like it
> when people pay for tubes they don't need, which are used to deliver
> 90% junk.
> 
> Nobody wants to deal with "you are reading my mail!" or with "sorry,
> now people will pay for smaller tubes", perhaps even at the ISP level
> - "why should I pay for more filtering when it isn't demanded of me?".
> 
> They are right, it isn't currently demanded of them.
> 
> I would like to refer you to SpamCop (when it comes to spam) or
> MessageLabs (for malware), it works. But you need to pay to get (most
> of) their services.
> 

There ARE ISP/provider level AV/Filtering products out that alleviate most
of the sources of unwanted incoming and outgoing mail traffic. Of course,
purchasing and implementation is up to the provider...

_____________________________________________________________________   
James A. Thornton     UNIX System Administrator     Atlanta, GA

GnuPG fingerprint: 5A4E FF38 F255 78D2 EABC  63A5 6248 FBAB 293F EC0A


