Full Disclosure mailing list archives
Re: Backdoor not recognized by Kaspersky
From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Wed, 3 Mar 2004 20:58:10 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Mar 03, 2004 at 04:51:40PM -0600, Ron DuFresne wrote:
how about the smtp server simply rejecting mail from spoofed hosts ? as all the viruses generate spoofed hosts and it is very easy for any smtp server to do a dns lookup on the sending server, if the hostname / ip address do not match reject the message.Finally some sanity marks this thread!
And now is my turn to untimely jump into the discussion. My feeling about this is that the MDA should not be responsible to reject the messages. At least, not always, the exception being networks where the security rules demand these messages to be automaticaly rejected. My idea is that the MDA simply tag the messages, and that the MUA, either localy or using some POP-like protocol, read the flag and, following users configurations, either dump or accept the message. This point comes to my mind after having serious problems with ISPs rejecting emails that were destined to me, but were not spam. Currently, I'm having serious problems receiving e-mails from a business partner at Korea, cause the ISP simply decided to drop all e-mails from that company's netblock. Mandatory restrictions and controls can easily became a problem as big as virus and spam (moneywise). The end point should be allowed some degree of control over that is received or not. We must keep in mind that even big companies can have DNS errors, and missconfigured mail server, and simply blocking that e-mail by default can cause severe losses, both of time and money. - -- Rodrigo Barbosa <rodrigob () suespammers org> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFARnESpdyWzQ5b5ckRAnGqAKCmahEMf5ycqjzI3twFHhq2Axfb3ACgmp0c WXWyLSZwQgXqR33Wwi5z5+k= =VYWp -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Backdoor not recognized by Kaspersky, (continued)
- RE: Backdoor not recognized by Kaspersky Full-Disclosure (Mar 03)
- Re: Backdoor not recognized by Kaspersky Suresh Ponnusami (Mar 03)
- Re: Backdoor not recognized by Kaspersky Gregor Lawatscheck (Mar 03)
- Re: Backdoor not recognized by Kaspersky Cael Abal (Mar 03)
- Re: Backdoor not recognized by Kaspersky Bart . Lansing (Mar 03)
- Re: Backdoor not recognized by Kaspersky Cael Abal (Mar 03)
- Re: Backdoor not recognized by Kaspersky Gregor Lawatscheck (Mar 03)
- Re: Backdoor not recognized by Kaspersky Valdis . Kletnieks (Mar 04)
- Re: Backdoor not recognized by Kaspersky Gregor Lawatscheck (Mar 03)
- RE: Backdoor not recognized by Kaspersky Aditya, ALD [Aditya Lalit Deshmukh] (Mar 03)
- RE: Backdoor not recognized by Kaspersky Ron DuFresne (Mar 03)
- Re: Backdoor not recognized by Kaspersky Rodrigo Barbosa (Mar 03)
- Re: Backdoor not recognized by Kaspersky Michael Gale (Mar 03)
- Re: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- SMTP open relays and RFC (was: Backdoor not recognized by Kaspersky) Martin Mačok (Mar 04)
- Message not available
- Re: Backdoor not recognized by Kaspersky Rodrigo Barbosa (Mar 04)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- Re: Backdoor not recognized by Kaspersky Alexander MacLennan (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- SMTP rejecting wrong HELO/EHLO domains will save the world (was: Backdoor in passworded ZIP not recognized by Kaspersky) Martin Mačok (Mar 03)
- Re: Backdoor not recognized by Kaspersky Valdis . Kletnieks (Mar 04)
- Re: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)