Re: virus handling

From: Mike Healan (mike_at_spywareinfo.com)
Date: 01/28/04

  • Next message: John Fitzgibbon: "Re: RFC: virus handling"
    To: "Thomas Zehetbauer" <thomasz@hostmaster.org>, <bugtraq@securityfocus.com>
    Date: Wed, 28 Jan 2004 15:33:36 -0500
    
    

    > 3.1.1.) Abuse Role Account
    > Providers should provide an adequately stuffed abuse role account

    Typo: "stuffed" > "staffed"

    > 3.1.2.) e-mail Alias and Web-Interface
    > Additionally providers should provide e-mail aliases for the IP
    > addresses of their customers (eg. customer at 127.0.0.1 can be reached
    > via 127.0.0.1@provider.com) or a web interface with similiar
    > functionality. The latter should be provided when dynamically assigned
    > IP addresses are used for which an additional timestamp is required.

    I would disagree with 3.1.2. Otherwise you could end up with direct
    marketing companies such as Doubleclick harvesting the IP addresses
    accessing their banner ads and then sending UCE to those people. Or for
    that matter, it could lead to a mass attack with someone sending UCE to
    every IP address allocated to an ISP. *Someone* probably will be using
    that IP and spammers clearly don't care who sees their spam.

    Otherwise I entirely agree with this. Bouncing a virus-infected email is
    worse than useless. It is active participation in the distribution of
    the worm and the damage to networks it is causing.

    Regards,

    Mike Healan
    Editor
    www.spywareinfo.com

    ----- Original Message -----
    From: "Thomas Zehetbauer" <thomasz@hostmaster.org>
    To: <bugtraq@securityfocus.com>
    Sent: Wednesday, January 28, 2004 10:45 AM
    Subject: RFC: virus handling


  • Next message: John Fitzgibbon: "Re: RFC: virus handling"