Message-ID: <Pine.GSO.4.43.0308281350310.4058-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: AV "feature" does more DDoS than Sobig
On Thu, 28 Aug 2003, Richard M. Smith wrote:
> Ron,
>
> >>> else, you become part of the perpetual
> >>> 'SPAM/viri-by-product" problem, wasting
> >>> and consuming bandwidth
>
> Actually, it's important to get these false AV warning messages shut
> off. One company that I contacted told me that they have already sent
> out hundreds of thousands of false warning messages about Sobig.F. They
> are now working to get this feature turned off. It looks like they are
> running some sort of homebrew software and not a commercial package.
>
While I agree with you in concept and theory, I can tell you by
implementation and experience, they will persist from most sites for the
duration. Much as most of the hacked/compromised systems that are the core
of the problem will also persist to be issues and core parts of the
problem for a long, long time. Example: the number of systems still
infested with nimda/code-red that hit my logs years now, after the fact.
Some after more than one notice and/or call to folks that handle the
systems but remain clueless. There isn't a lart large enough to dispense
enough clues to go around.
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.