[Esd-l] badtrans ad infinitum

Michael Ghens michael at spconnect.com
Wed Nov 28 09:53:01 PST 2001 

What is interesting about some of these "viruses" is that they can also be 
caught by some spam checkers.

A good program that is free is dcc from Rhyolite (http://www.Rhyolite.com)

On Wed, 28 Nov 2001, Christian Parigger wrote:

> Date: Wed, 28 Nov 2001 09:23:20 -0600
> From: Christian Parigger <cparigge at utsi.edu>
> To: John D. Hardin <jhardin at impsec.org>
> Cc: Esd-l at spconnect.com
> Subject: Re: [Esd-l] badtrans ad infinitum
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> John,
> 
>  Your "sanitizer" has been very useful, yet I have 'imposed' a rather
> stringent policy almost without
>  relaxing things. Some actually object by having this protection, and
> the ones that object have recently
>  received and had blocked  badtrans. That's just the way things seem
> to be in life. I fully appreciate 
> your upgrades, yet certainly I am/ we are not 'infinitely' save.
> 
>  One idea would include the use of portsentry-alike protection for
> flodding from certain sites, although
>  I am not certain how to do that with email, viz. if more than
> so-many "active emails" come from a site
>  per hour or day, block the site (I'd know how to that with attacks
> on ports to a reasonable degree).
> 
>  I/we have been flodded with Sircam back in July, whereby
> "overfloweth" resulted in my/our quarantine. Therefore,
>  the milder solution would perhaps be to blackhole (or bit-bucket
> into /dev/null) active email received at a 
>  set rate from certain sites (rather than blocking the whole site).
> 
>  Chris
> 
>  P.S.: I'd be happy to send an e-mail as well, as long as we do not
> generate an agreed DoS I'd have to say.
> - ----- Original Message ----- 
> From: "John D. Hardin" <jhardin at impsec.org>
> To: "Email Security Discussion list" <Esd-l at spconnect.com>
> Sent: Wednesday, November 28, 2001 8:49 AM
> Subject: [Esd-l] badtrans ad infinitum
> 
> 
> > My quarantine overfloweth.
> > 
> > Does anybody know BillG's email address so we can all do something
> > useful with these damned things?
> > 
> > --
> >  John Hardin KA7OHZ    ICQ#15735746   
> > http://www.impsec.org/~jhardin/ 
> >  jhardin at impsec.org                       pgpk -a
> > jhardin at wolfenet.com 
> >   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE
> > 76  
> >  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873
> > 2E79
> > --------------------------------------------------------------------
> > --- 
> >   In 1998 more than three times as many people in the US were
> > killed 
> >   by incompetent physicians than were killed by handguns, yet the
> >   President of the A.M.A. is adopting "gun safety" as his platform.
> > --------------------------------------------------------------------
> > --- 
> >    1070 days until the Presidential Election
> > _______________________________________________
> > Esd-l mailing list
> > Esd-l at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esd-l
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
> 
> iQA/AwUBPAUBYvXtEP0C+OkfEQK4oQCfbCKU7V7Iu+vdUs6agDl44DzyM+wAnAkT
> uo4+JgWk/Wle4W3OXtIcOluq
> =JVsC
> -----END PGP SIGNATURE-----
> _______________________________________________
> Esd-l mailing list
> Esd-l at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esd-l
>

More information about the esd-l mailing list