
RE: [Full-Disclosure] AV "feature" does more DDoS than Sobig



   >>> Any sort of automated response based on perceived 
   >>> sender IP address is not only brain-dead, but irresponsible.

In the case of Sobig, it's the return email address which is false.  The
bogus warning messages are being sent to these forged email addresses. 

The originating IP address in the email headers of a Sobig message
should be accurate in most cases.  Sobig talks directly to the SMTP
server for the email address that Sobig is sending a copy of itself to.


Richard



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
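The distinction drawn in the message above, as an added example that is not part of the original post: the From address is taken from the message and can be forged, while the peer IP is taken from the Received header written by the recipient's own MX. The sample message, the host name mx.example.org and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The top Received header was written by our own MX
# (hypothetical mx.example.org); the lower one arrived with the message
# and could have been fabricated by the sender.
SAMPLE = """\
Return-Path: <victim@example.com>
Received: from pc-17 (unknown [203.0.113.45])
\tby mx.example.org (Postfix) with ESMTP id 4F2A1
\tfor <user@example.org>; Tue, 19 Aug 2003 10:12:01 -0400 (EDT)
Received: from mail.example.com (mail.example.com [198.51.100.7])
\tby relay.invalid with SMTP; Tue, 19 Aug 2003 10:11:00 -0400
From: victim@example.com
To: user@example.org
Subject: Re: Details

See the attached file for details
"""

PEER_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r" by ([A-Za-z0-9.-]+)", re.I)

def boundary_peer_ip(msg, trusted_mx):
    """Return the peer IP recorded by the outermost trusted MTA.

    Received headers are prepended, so we walk from the top and stop at
    the first hop not written by a host we control; anything below that
    point is sender-supplied and is ignored.
    """
    peer_ip = None
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())          # unfold continuation lines
        by = BY_RE.search(flat)
        if not by or by.group(1).lower() not in trusted_mx:
            break
        peer = PEER_RE.search(flat.split(" by ", 1)[0])
        peer_ip = peer.group(1) if peer else None
    return peer_ip

def triage(raw, trusted_mx):
    """Pair the claimed (forgeable) sender with the recorded peer IP."""
    msg = message_from_string(raw)
    return {"claimed_from": parseaddr(msg.get("From", ""))[1],
            "peer_ip": boundary_peer_ip(msg, trusted_mx)}

if __name__ == "__main__":
    print(triage(SAMPLE, {"mx.example.org"}))
```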