BugTraq
> Consider a provider who offers the e-mail address of
> virusalert (at) provider (dot) com (name it what you will), to which can be fed an
> e-mail consisting of a single line -- that line is the IP address and a
> one-word 'name' for the problem.
>
> Thus, if I find I'm getting MyDoom.A from 127.2.2.1, I can send a message
> that will alert _someone_ (who is presumably not asleep at the controls).
I don't see much difference between this and the normal strategy of
just notifying abuse@ or some other address at the ISP. It is similarly
doomed to failure, because you end up with so many reports that the ISP
cannot possibly verify whether each report is legitimate or not. So they
would have a choice of either:
1. Ignore all reports. "It's not our job to protect our lusers from viruses."
or
2. Automatically take action against all reports. Thus it becomes a great
way to DoS your enemies, just report them as infected.
Since the ISP gets money from its customers, not from people who report
abuse, they will always tend towards option 1 as the number of reports
increases. Reporting abuse or infection is mostly a complete waste
of time, just like reporting spam. It might have worked a few years ago,
it generally doesn't anymore (and the exceptions get fewer all the time).
Our time would be far better invested in ways to prevent the spread of
viruses by other means rather than trying to report infections, after
it's already too late, to either ISPs who will usually do nothing, or
end users who will usually be clueless (otherwise they wouldn't have
got infected in the first place, right?)
Ben