[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
From: Alexander MacLennan <maclenna@xxxxxxxxxxxxxxxx>
Date: Thu, 04 Mar 2004 11:47:46 +0800

rm -rf /

that should do it

Nick FitzGerald wrote:

Ron DuFresne <dufresne@xxxxxxxxxxxxx> wrote:
how about the smtp server simply rejecting mail from spoofed hosts ?
as all the viruses generate spoofed hosts and it is very easy for any
smtp server to do a dns lookup on the sending server, if the hostname
/ ip address do not match reject the message.
Finally some sanity marks this thread!
"sanity"??

Care to define the "nearly foolproof" "spoofed hosts detection" algorithm that will not have an unbearably high false-positive rejection rate??

Regards,

Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
!DSPAM:4046a529202801981333611!


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
  - From: Aditya, ALD [Aditya Lalit Deshmukh]
- RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
  - From: Nick FitzGerald

Prev by Date: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
Next by Date: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
Previous by thread: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
Next by thread: [Full-Disclosure] SMTP rejecting wrong HELO/EHLO domains will save the world (was: Backdoor in passworded ZIP not recognized by Kaspersky)
Index(es):
- Date
- Thread