[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bouncing SoBig.F mail (was: RE: [Full-Disclosure] SoBig.F strange problem)

To: <full-disclosure@lists.netsys.com>
Subject: bouncing SoBig.F mail (was: RE: [Full-Disclosure] SoBig.F strange problem)
From: "Alan Rouse" <ARouse@n2bb.com>
Date: Wed, 20 Aug 2003 12:06:29 -0400

Doesn't this just result in sending spam to innocent parties?  Remember,
the addresses are spoofed.  Seems to me it just doubles the amount of
bogus mail flying around as a result of SoBig.F.  I've been seeing this
kind of messages, and I don't need the additional spam!  

IMO it is much better just to drop the message and forget it.

-----Original Message-----
From: Stephen Clowater [mailto:steve@stevesworld.hopto.org] 
Sent: Wednesday, August 20, 2003 10:26 AM
To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] SoBig.F strange problem


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I started getting 1000-2000 an hour yesterday, I just went to all the
border routers and put a filter on 25 to drop those connections and send
a notice to the From feild of the smtp query, and a QUIT to the
mailserver it was connecting to.

I'd recomend doing this, its easy to do in freeBSD, all my borders are
freeBSD so I havent tried it on anything else yet :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..
Next by Date: [Full-Disclosure] RE: Certs.
Prev by thread: RE: [fd] RE: [Full-Disclosure] [Fwd: Edwards AFB shut down by W32Blaster] (fwd)
Next by thread: [Full-Disclosure] RE: Certs.
Index(es):
- Date
- Thread