SecurityFocus

RFC: virus handling Jan 28 2004 03:45PM
Thomas Zehetbauer (thomasz hostmaster org) (13 replies)

Re: RFC: virus handling Jan 29 2004 08:39PM
Pavel Levshin (flicker mariinsky ru) (1 replies)

Re: RFC: virus handling Feb 03 2004 01:26AM
David F. Skoll (dfs roaringpenguin com)

Re: RFC: virus handling Jan 29 2004 12:18PM
Sascha Wilde (wilde agentur-sec de)

RFC: content-filter and AV notifications (Was: Re: RFC: virus handling) Jan 29 2004 12:00PM
Andrey G. Sergeev (AKA Andris) (andris aernet ru) (1 replies)

Re: RFC: content-filter and AV notifications (Was: Re: RFC: virus handling) Feb 03 2004 04:07PM
Peter J. Holzer (hjp wsr ac at)

Re: RFC: virus handling Jan 28 2004 11:11PM
Pavel Kankovsky (peak argo troja mff cuni cz)

Re: RFC: virus handling Jan 28 2004 10:00PM
John Fitzgibbon (fitz jfitz com) (1 replies)

Re: RFC: virus handling Feb 03 2004 05:09PM
Dave Clendenan (dave dave clendenan ca) (1 replies)

Re: RFC: virus handling Feb 03 2004 10:59PM
Volker Kuhlmann (list0570 paradise net nz)

Re: RFC: virus handling Jan 28 2004 09:26PM
Craig Morrison (craig fishpalace org) (1 replies)

Re: RFC: virus handling Feb 03 2004 11:11AM
James C. Slora Jr. (Jim Slora phra com)

Re: virus handling Jan 28 2004 08:33PM
Mike Healan (mike spywareinfo com)

Re: RFC: virus handling Jan 28 2004 08:06PM
Dave Aronson (spamtrap secfocus dja mailme org)

Re: RFC: virus handling Jan 28 2004 07:08PM
Daniele Orlandi (daniele orlandi com)

Re: RFC: virus handling Jan 28 2004 06:48PM
Piotr KUCHARSKI (chopin sgh waw pl)

Re: RFC: virus handling Jan 28 2004 06:24PM
Patrick Proniewski (patpro patpro net) (1 replies)

Re: RFC: virus handling Feb 03 2004 08:55PM
Matthew Dharm (mdharm one-eyed-alien net) (1 replies)

On Wed, Jan 28, 2004 at 07:24:52PM +0100, Patrick Proniewski wrote:
> On 28 janv. 2004, at 16:45, Thomas Zehetbauer wrote:
>
> >Looking at the current outbreak of the Mydoom.A worm I would like to
> >share and discuss some thoughts:
>
>
> You bring some definitely interesting points here.
>
> I agree with your 1) and 2), but 3) rises some technical concern
>
> >3.1.2.) e-mail Alias and Web-Interface
> >Additionally providers should provide e-mail aliases for the IP
> >addresses of their customers (eg. customer at 127.0.0.1 can be reached
> >via 127.0.0.1 (at) provider (dot) com [email concealed]) or a web interface with similiar
> >functionality. The latter should be provided when dynamically assigned
> >IP addresses are used for which an additional timestamp is required.
>
>
> could be a really good idea, if not so easy to use for spammers or even
> for virii. The moment you setup such a service, spammers/virus coder
> will write a script that can reach every single user with an active
> connexion. It's a really major drawback I think.

Perhaps something with more limited functionality, then?

Consider a provider who offers the e-mail address of
virusalert (at) provider (dot) com [email concealed] (name it what you will), to which can be fed an
e-mail consisting of a single line -- that line is the IP address and a
one-word 'name' for the problem.

Thus, if I find I'm getting MyDoom.A from 127.2.2.1, I can send a message
that will alert _someone_ (who is presumeably not asleep at the controls).

It also means that general e-mail cannot be sent via this interface -- no
spamming. The provider can take this information, look it up (with the
timestamp the e-mail came in at, if necessary for large dynamic pools), and
take action (the least of which, I hope, would be to notify the end-user).

This could even be done without e-mail at all. A quick HTTP GET/POST could
carry this information. Heck, this could run much like ident/auth
services to a designated machine (i.e. virusalert.provider.com).

Matt

--
Matthew Dharm Home: mdharm (at) one-eyed-alien (dot) net [email concealed]
Senior Software Designer, Momentum Computer

IT KEEPS ASKING ME WHERE I WANT TO GO TODAY! I DONT WANT TO GO ANYWHERE!
-- Greg
User Friendly, 11/28/97

[ reply ]

Re: RFC: virus handling Feb 04 2004 01:44PM
Ben Wheeler (b wheeler ulcc ac uk) (1 replies)

Re: RFC: virus handling Feb 05 2004 12:52PM
Shawn McMahon (smcmahon eiv com)

Re: RFC: virus handling Jan 28 2004 06:07PM
Jeremy Mates (jmates sial org) (1 replies)

Hysterical first technical alert from US-CERT Feb 03 2004 12:11PM
Larry Seltzer (larry larryseltzer com) (3 replies)

Re: Hysterical first technical alert from US-CERT Feb 05 2004 12:18PM
Andreas Marx (amarx gega-it de)

Re: Hysterical first technical alert from US-CERT Feb 04 2004 02:31PM
Valdis Kletnieks vt edu (2 replies)

Re: Hysterical first technical alert from US-CERT Feb 05 2004 08:33AM
Stephen Samuel (samuel bcgreen com) (1 replies)

Re: Hysterical first technical alert from US-CERT Feb 06 2004 10:07PM
Valdis Kletnieks vt edu (1 replies)

Re: Hysterical first technical alert from US-CERT Feb 08 2004 01:01PM
Shawn McMahon (smcmahon eiv com)

RE: Hysterical first technical alert from US-CERT Feb 04 2004 02:41PM
Larry Seltzer (larry larryseltzer com) (1 replies)

Re: Hysterical first technical alert from US-CERT Feb 04 2004 05:11PM
Valdis Kletnieks vt edu

Re: Hysterical first technical alert from US-CERT Feb 04 2004 12:27PM
Philip Rowlands (phr doc ic ac uk)

Re: RFC: virus handling Jan 28 2004 05:54PM
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)

getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 03 2004 09:11AM
Gadi Evron (ge linuxbox org) (4 replies)

Re: getting rid of outbreaks and spam (junk) Feb 04 2004 08:07PM
James Riden (j riden massey ac nz)

Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 04 2004 08:04PM
Georg Schwarz (geos epost de)

Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 04 2004 06:27AM
der Mouse (mouse Rodents Montreal QC CA)

Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 03 2004 11:07PM
James A. Thornton (jamest u-238 infinite1der org)