Re: RFC: virus handling
- To: bugtraq@securityfocus.com
- Subject: Re: RFC: virus handling
- From: Dave Aronson <spamtrap.secfocus@dja.mailme.org>
- Date: Wed, 28 Jan 2004 15:06:22 -0500
On Wed January 28 2004 10:45, Thomas Zehetbauer wrote:
> 3.1.2.) e-mail Alias and Web-Interface
> Additionally providers should provide e-mail aliases for the IP
> addresses of their customers (eg. customer at can be
> reached via
This would vastly simplify dictionary-attack spamming.
> or a web interface with similar functionality.
Better, but still might be easily abused by scripting.
> 3.2.) Disconnect
> Providers should grant their customers some grace period to clean
> their infection and should thereafter be disconnected entirely or
> filtered based on protocol (eg. outgoing SMTP) or content (eg.
> transparent smarthost with virus scanner) until they testify that
> they have cleaned their system.
Grace, shmace! Viri can do their dirty work in a matter of seconds.
How about the ISP *immediately* blocks just the port(s) in question?
(Recognizing that that could be *all* ports.) It could unblock after
some time period with no outbound virus infection (or phone home for
orders, etc.) attempts, and of course reblock when any new such
activity is detected.
Dave Aronson, Senior Software Engineer, Secure Software Inc.
(Opinions above NOT those of securesw.com unless so stated!)
Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org
Web: http://destined.to/program http://listen.to/davearonson
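
The block-immediately, release-after-quiet, reblock-on-recurrence policy proposed in the reply above, as an added sketch that is not part of the original message. The class name, the customer labels, the event times and the 3600-second quiet period are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

QUIET_PERIOD = 3600  # assumed: seconds without detections before a port is unblocked


@dataclass
class PortQuarantine:
    """ISP-side tracker of blocked (customer, port) pairs (hypothetical helper)."""
    quiet_period: int = QUIET_PERIOD
    last_hit: dict = field(default_factory=dict)  # (customer, port) -> time of last detection

    def expire(self, now):
        """Unblock every pair that stayed quiet for the whole period; return them."""
        released = sorted(k for k, t in self.last_hit.items()
                          if now - t >= self.quiet_period)
        for key in released:
            del self.last_hit[key]
        return released

    def detection(self, customer, port, now):
        """Record an outbound infection attempt and block that port at once.

        Attempts seen while the port is already blocked restart the quiet
        period. Returns True when this call creates a new block.
        """
        self.expire(now)
        key = (customer, port)
        newly_blocked = key not in self.last_hit
        self.last_hit[key] = now
        return newly_blocked

    def is_blocked(self, customer, port, now):
        self.expire(now)
        return (customer, port) in self.last_hit


if __name__ == "__main__":
    # Constructed sample events: (time in seconds, customer, port)
    events = [(0, "cust-a", 25), (1800, "cust-a", 25), (6000, "cust-a", 25)]
    q = PortQuarantine()
    for t, customer, port in events:
        state = "new block" if q.detection(customer, port, t) else "block extended"
        print(f"t={t:>5} {customer} port {port}: {state}")
```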