[clug] [AUSCERT ALERT - Email worm W32.Beagle.A/Win32.Bagle.A]

Nemo -earth native- nemo at nut.house.cx
Mon Jan 19 15:06:58 GMT 2004


On Mon, Jan 19, 2004 at 09:39:39PM +1100, Martin Pool did utter:

> You want to send bounce messages in response to worms that always
> generate forged addresses?  In other words, where you are guaranteed
> to annoy the wrong person?  Wow.  What's your netblock?

Well, not bounces - as we eventually realised in other parts of the
thread. It is a good point that if the assumption is made that these are
all worm-generated, then there is no point in doing anything but
dropping the mail to the floor. (most efficient way of doing that after
accepting transmission of the message?)

For a business solution though, I'd prefer to send a reject that at
least in some minor way informs the sending system why it wasn't
accepted. In an ideal world (ok, in an ideal world we wouldn't have spam
and email worms) ... in a more ideal scenario, my Bayesian spamfilter
would work more intimately with my mailserver, and along with some other
rules, I might (for example) drop to the floor any mails with .exe
attachments if they were from any address previously unknown. Once an
address gets to me as ham once, then future mails from that address
would allow executables... 

However, if I'm gonna dream idealisms, I'll save my bacon for a world
with no ham, no spam... in fact, no pigs at all. (I was really busting
my pork chops to come up with those puns. But you can't always make a
silk purse out of a sow's ear...)

.../Nemo
-- 
  ------------------------------------------ --------------------------
                                                    earth native
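
The policy sketched in the message above (drop .exe attachments from senders not yet seen as ham, allow them once a sender has delivered ham), as an added example that is not part of the original post. The names `decide`, `has_executable`, `sample` and the `is_ham` callback standing in for the Bayesian filter are assumptions; the lookup is keyed on the header From address, which the thread itself notes worms forge.

```python
"""Sender-history gate for executable attachments (constructed example)."""
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

BLOCKED_EXTS = (".exe",)  # the post names only .exe; extend as needed


def has_executable(msg):
    """True if any MIME part has a filename ending in a blocked extension."""
    for part in msg.walk():
        name = part.get_filename()
        # Trailing dots/spaces are stripped so "x.exe." is still matched.
        if name and name.lower().rstrip(". ").endswith(BLOCKED_EXTS):
            return True
    return False


def decide(raw, known_ham_senders, is_ham):
    """Return 'drop' or 'accept'; remember the sender after a ham verdict.

    known_ham_senders: mutable set of lower-cased addresses seen as ham.
    is_ham: callable(msg) -> bool, a stand-in for the spam filter verdict.
    """
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if has_executable(msg) and sender not in known_ham_senders:
        return "drop"  # silently discard: no bounce to a forged address
    if sender and is_ham(msg):
        known_ham_senders.add(sender)  # future executables are allowed
    return "accept"


def sample(sender, filename=None):
    """Build a constructed test message, optionally with an attachment."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.org"
    m["Subject"] = "Hi"
    m.set_content("Test =)")
    if filename:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()
```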

