RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

From: Nick FitzGerald
Date: 03/04/04

    Date: Thu, 04 Mar 2004 13:50:59 +1300

    "Aditya, ALD [Aditya Lalit Deshmukh]" wrote:

    > How about the SMTP server simply rejecting mail from spoofed hosts? As
    > all the viruses generate spoofed hosts and it is very easy for any SMTP
    > server to do a DNS lookup on the sending server, if the hostname / IP
    > address do not match, reject the message.

    Because, no matter how much you may not like it, some of us have to use
    spoofing. It is a designed-in feature -- sure a "weakness" by today's
    standards, but not as much of a weakness as the fact that the whole
    Internet as we know it is based on protocols and mechanisms that
    _assume_ physical security and guaranteed locatability of connected
    machines and those with administrative authority over them. In fact,
    those factors were so deeply ingrained in the original design that I
    doubt anyone involved in spec'ing, designing and implementing what
    became ARPAnet even thought to ask about such issues.

    In short, _if_ something was on that network it was _supposed to be

    Who in their right mind would adopt such a system for "the Information
    Super-highway" and encourage business to "get on the net" when it was
    deployed as an open sewer rather than a self-trusting closed network??

    Gluing another layer of "machine authentication" into the SMTP protocol
    won't fix any of the fundamental underlying problems that allow spam
    and mass-mailed viruses to aggrieve us so...


    Nick FitzGerald
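
Added example, not part of the original post or thread: a sketch of the DNS check proposed in the quoted message (reverse lookup on the connecting IP, forward confirmation, comparison with the HELO name), run against constructed records. The function name `check_client` and the `PTR`/`A` tables are assumptions made for the illustration.

```python
import ipaddress

# Constructed DNS data using documentation ranges and example domains;
# these are not real records.
PTR = {
    "192.0.2.10": "mail.example.org",
    "192.0.2.66": "mail.example.org",     # PTR claims a name that does not point back
    "198.51.100.7": "dsl-7.isp.example",  # end-user machine with consistent DNS
}
A = {
    "mail.example.org": {"192.0.2.10"},
    "dsl-7.isp.example": {"198.51.100.7"},
    "relay.example.net": {"203.0.113.25"},  # forward record only, no PTR
}


def check_client(ip, helo, ptr_lookup=PTR.get,
                 a_lookup=lambda host: A.get(host, set())):
    """Return (accept, reason) for a connecting SMTP client.

    Steps: PTR lookup on the client IP, forward lookup of that name must
    contain the client IP, and the HELO name must equal the confirmed name.
    The lookups are injectable so the check runs offline on the tables above.
    """
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on a malformed address
    name = ptr_lookup(ip)
    if name is None:
        return False, "no PTR record"
    name = name.rstrip(".").lower()
    if ip not in a_lookup(name):
        return False, "PTR name does not resolve back to client IP"
    if helo.rstrip(".").lower() != name:
        return False, "HELO name does not match confirmed host name"
    return True, "forward-confirmed reverse DNS matches HELO"


if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "mail.example.org"),    # consistent server: accepted
        ("192.0.2.66", "mail.example.org"),    # PTR not confirmed forward: rejected
        ("198.51.100.7", "mail.example.org"),  # HELO claims another host: rejected
        ("203.0.113.25", "relay.example.net"), # server without PTR: rejected
        # Accepted: the check covers the connecting host only and says nothing
        # about the sender address carried in the message itself.
        ("198.51.100.7", "dsl-7.isp.example"),
    ]
    for ip, helo in cases:
        print(ip, helo, check_client(ip, helo))
```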

