RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 03/04/04

    To: full-disclosure@lists.netsys.com
    Date: Thu, 04 Mar 2004 13:50:59 +1300
    
    

    "Aditya, ALD [Aditya Lalit Deshmukh]" wrote:

    <<snip>>
    > How about the SMTP server simply rejecting mail from spoofed hosts? As
    > all the viruses generate spoofed hosts and it is very easy for any SMTP
    > server to do a DNS lookup on the sending server, if the hostname / IP
    > address do not match, reject the message.

    Because, no matter how much you may not like it, some of us have to use
    spoofing. It is a designed-in feature -- sure a "weakness" by today's
    standards, but not as much of a weakness as the fact that the whole
    Internet as we know it is based on protocols and mechanisms that
    _assume_ physical security and guaranteed locatability of connected
    machines and those with administrative authority over them. In fact,
    those factors were so deeply ingrained in the original design that I
    doubt anyone involved in spec'ing, designing and implementing what
    became ARPAnet even thought to ask about such issues.

    In short, _if_ something was on that network it was _supposed to be
    there_.

    Who in their right mind would adopt such a system for "the Information
    Super-highway" and encourage business to "get on the net" when it was
    deployed as an open sewer rather than a self-trusting closed network??

    Gluing another layer of "machine authentication" into the SMTP protocol
    won't fix any of the fundamental underlying problems that allow spam
    and mass-mailed viruses to aggrieve us so...

    Regards,

    Nick FitzGerald

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
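
The check proposed in the quoted message (look up the connecting server in DNS and reject on a hostname/IP mismatch), written out as an added example that is not part of the original post. The resolver is replaced by constructed lookup tables so it runs offline; the function names `fcrdns_names` and `check_client`, the addresses and the host names are all assumptions, and comparing the HELO name is one possible reading of "hostname".

```python
import ipaddress

# Constructed DNS data (documentation address ranges, example domains).
PTR = {
    "192.0.2.25": ["mail.example.org"],
    "198.51.100.7": ["dsl-7.pool.example.net"],
    "203.0.113.9": ["mx.example.com"],
}
A = {
    "mail.example.org": ["192.0.2.25"],
    "mx.example.com": ["203.0.113.77"],  # forward record does not point back
    # dsl-7.pool.example.net deliberately has no forward record
}


def _norm(name):
    """Lower-case a host name and drop a trailing root dot."""
    return name.lower().rstrip(".")


def fcrdns_names(ip, ptr=PTR, a=A):
    """Return the PTR names of ip whose forward lookup includes ip."""
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on malformed input
    return [_norm(n) for n in ptr.get(ip, []) if ip in a.get(_norm(n), [])]


def check_client(ip, helo, ptr=PTR, a=A):
    """Decide on the connecting host only; MAIL FROM is never consulted."""
    confirmed = fcrdns_names(ip, ptr, a)
    if not confirmed:
        return "reject", "no forward-confirmed reverse DNS"
    if _norm(helo) not in confirmed:
        return "reject", "HELO name does not match confirmed PTR"
    return "accept", confirmed[0]


if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "mail.example.org"),
                     ("192.0.2.25", "localhost"),
                     ("198.51.100.7", "dsl-7.pool.example.net"),
                     ("203.0.113.9", "mx.example.com")]:
        print(ip, helo, check_client(ip, helo))
```

The decision depends only on the connecting IP address and the name it announces, so it says nothing about the sender address carried in the message itself.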

