[Esd-l] Discouraging SECURITY_NOTIFY_SENDER

Sergio Cesar sergio at winc.net
Wed Sep 10 06:39:45 PDT 2003


It would be nice to have a list of ip addresses and email addresses for
notification where the system would send the notification to the address of
the postmaster or the IT support in charge of that IP add or system
overriding the sender address.

Have a case here of a local ISP that could care less that several of their
customers are infected and spewing traffic. He did not do a thing until I
started to manually forward every warning I got to him.. he fixed the
problem in 1 hour. :)

Sergio


-----Original Message-----
From: esd-l-bounces at spconnect.com [mailto:esd-l-bounces at spconnect.com]On
Behalf Of John D. Hardin
Sent: Tuesday, September 09, 2003 8:39 AM
To: Juan Maria Gil
Cc: esd-l at spconnect.com
Subject: Re: [Esd-l] Discouraging SECURITY_NOTIFY_SENDER

On Tue, 9 Sep 2003, Juan Maria Gil wrote:

> I get your point, surely my problems come from administrators who
> have disabled the "smart reply" feature.

Also, if a local-rules recognition pattern is written for a
known-forging worm (e.g. SoBig.F) then we can turn off sender
notification explicitly.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
                                  -- John C. Randolph <jcr at idiom.com>
-----------------------------------------------------------------------
   12 days until Galileo is deorbited

_______________________________________________
Esd-l mailing list
Esd-l at spconnect.com
http://www.spconnect.com/mailman/listinfo/esd-l



More information about the esd-l mailing list