Re: Virus and spam blocking technique

phn_at_icke-reklam.ipsec.nu
Date: 08/24/03


Date: Sat, 23 Aug 2003 22:31:18 +0000 (UTC)

Gianni Mariani <gi2nospam@mariani.ws> wrote:

> This last round with SoBig demonstrated that the internet is vulnerable.

Nope. But Microsoft products are.

> I think we need to act quickly otherwise we can find the internet shut
> down by malicious attacks.

Talk to yourself. I'm not running wintendo, nor is my mailserver.

> Bounce notifications became more annoying than the SoBig virus itself. I
> found that most of the SoBig emails came from a small set of machines.
> Of the 2000 or so emails I got, over 1800 came from 25 IP addresses. I
> found that blocking those IP addresses at the firewall significantly
> reduced the load on the server (and the access line). I now slowly have
> to go back and remove the blocks as I notice that the connection
> requests from those ports die away.

Well, I'm receiving these too. But the difference is that they only are
as painful as spam, they cost disk space and my time to remove them. That's all.

> I have designed a scheme where all this is done automatically.

> When these attacks can be identified, the offending equipment needs to
> be isolated immediately.

> Provide a mechanism through ICMP to notify routers of a threat. Just
> like an ICMP error is sent, another indicator of "malicious machine" can
> be sent. Yes, this brings a whole bunch of issues as to alternative
> attacks but it is soluble.

You are talking about DDOS. Stop !

> These are just rants at the moment but I don't think it would be so hard
> to do and I think the threat is imminent. Unfortunately, the reality is
> that certain equipment is highly vulnerable and new exploits are bound
> to surface and the virus writer is now becoming so clever that one
> malicious virus can take down the entire internet in minutes. The
> ability to isolate the offending equipment automatically and reliably
> will reduce the impact on other services.

> Ideas, thoughts, or just say I'm crazy ?

You are overreacting and possibly throwing out the baby with the dirty
water. Stop using wintendo then everything else is much less of a problem.

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but I'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
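
The manual procedure described in the quoted message (find the few source addresses behind most of the worm mail, block them, then lift each block once its connection attempts die away), as an added example that is not part of the original post. The sample events, the 90% coverage threshold and the 24-hour quiet period are assumptions, and the addresses come from documentation ranges.

```python
from collections import Counter
from datetime import datetime, timedelta

def heavy_hitters(events, coverage_pct=90):
    """Smallest set of source IPs that together sent >= coverage_pct % of events."""
    counts = Counter(ip for _, ip in events)
    total = sum(counts.values())
    chosen, covered = [], 0
    for ip, n in counts.most_common():
        # Integer comparison avoids floating-point rounding at the threshold.
        if covered * 100 >= coverage_pct * total:
            break
        chosen.append(ip)
        covered += n
    return chosen

def expired_blocks(blocked, attempts, now, quiet=timedelta(hours=24)):
    """Blocked IPs whose last connection attempt is older than `quiet`."""
    last_seen = {}
    for ts, ip in attempts:
        if ip in blocked and ts > last_seen.get(ip, datetime.min):
            last_seen[ip] = ts
    # An address never seen in `attempts` counts as quiet and is released.
    return sorted(ip for ip in blocked
                  if now - last_seen.get(ip, datetime.min) > quiet)

def sample_events():
    """Constructed data: 2000 worm mails, 1800 of them from three hosts."""
    t0 = datetime(2003, 8, 20)
    minute = timedelta(minutes=1)
    events = [(t0 + i * minute, "192.0.2.10") for i in range(900)]
    events += [(t0 + timedelta(days=2) + i * minute, "192.0.2.11") for i in range(700)]
    events += [(t0 + i * minute, "198.51.100.7") for i in range(200)]
    events += [(t0 + i * minute, f"203.0.113.{i + 1}") for i in range(200)]
    return events

if __name__ == "__main__":
    events = sample_events()
    blocked = heavy_hitters(events)
    print("block:", blocked)
    print("unblock:", expired_blocks(set(blocked), events, datetime(2003, 8, 23)))
```

In practice the `attempts` passed to `expired_blocks` would come from the firewall's drop log, since blocked hosts no longer reach the mail server.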