RE: [Full-Disclosure] AV "feature" does more DDoS than Sobig
- To: "Richard M. Smith" <rms@computerbytesman.com>
- Subject: RE: [Full-Disclosure] AV "feature" does more DDoS than Sobig
- From: Ron DuFresne <dufresne@winternet.com>
- Date: Thu, 28 Aug 2003 13:55:11 -0500 (CDT)
On Thu, 28 Aug 2003, Richard M. Smith wrote:
> Ron,
>
> >>> else, you become part of the perpetual
> >>> 'SPAM/viri-by-product' problem, wasting
> >>> and consuming bandwidth
>
> Actually, it's important to get these false AV warning messages shut
> off. One company that I contacted told me that they have already sent
> out hundreds of thousands of false warning messages about Sobig.F. They
> are now working to get this feature turned off. It looks like they are
> running some sort of homebrew software and not a commercial package.
>
While I agree with you in concept and theory, I can tell you by
implementation and experience, they will persist from most sites for the
duration. Much as most of the hacked/compromised systems that are the core
of the problem will also persist to be issues and core parts of the
problem for a long, long time. Example: the number of systems still
infested with nimda/code-red that hit my logs years now, after the fact.
Some after more than one notice and/or call to folks that handle the
systems but remain clueless. There isn't a lart large enough to dispense
enough clues to go around.
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html