KK> There is currently no mechanism at all
KK> that is part of the Internet which can lock out machines that
KK> are dangerous or detrimental to the functions of the network.
KK> There are no processes in place that identify users of infected
KK> systems and keep them off the network.

Actually, there is. I run a Unix server dealing with a much lower volume of mail than you are, so I handled this by hand. I noticed that Sobig-infected machines were throwing off error messages that I could see in my sendmail logs -- "unexpected close on connection" - so I grepped for the error message, periodically sent myself reports, and then used tcpwrapper to bar those IP numbers. It worked very well for me.

So I think it would be fairly easy to write a script that does the same thing - basically periodically checks logs and then adds IPs with certain patterns of repeat hits to a banned list.

KK> It is pure luck and the foresight of the Sobig.F author to
KK> timebomb his experimental cyberweapon that we still have a
KK> functioning network.

Well, don't count on it. I think the timebomb is because, unlike Microsoft, the Sobig author isn't comfortable leaving buggy software around. So he is using each release to debug, as well as to lay the groundwork for subsequent releases.

Of course, like any parasite, Sobig does depend on having functioning computer networks to fulfill its purpose - so you may be right that the Sobig author wants to take care not to completely destroy the functioning of networks such as yours.

-Abigail

_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
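
Added example, not part of the original message: a sketch of the log-scan-and-ban script the reply describes, counting "unexpected close on connection" hits per source IP and emitting tcpwrapper deny entries for repeat offenders. The sample log lines are constructed, and the log layout, the threshold, the allowlist and the `sendmail` daemon name are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the exact sendmail log layout is an assumption.
SAMPLE_LOG = [
    "Aug 25 10:01:02 mx sendmail[411]: h7PA12: collect: unexpected close on connection from [192.0.2.10], sender=<a@example.com>",
    "Aug 25 10:01:09 mx sendmail[412]: h7PA13: collect: unexpected close on connection from dsl.example.net [192.0.2.10], sender=<b@example.com>",
    "Aug 25 10:02:30 mx sendmail[415]: h7PA14: from=<c@example.org>, size=2048, relay=[192.0.2.10]",
    "Aug 25 10:03:11 mx sendmail[418]: h7PA15: collect: unexpected close on connection from [192.0.2.10], sender=<d@example.com>",
    "Aug 25 10:04:00 mx sendmail[420]: h7PA16: collect: unexpected close on connection from [198.51.100.7], sender=<e@example.com>",
] + ["Aug 25 10:05:00 mx sendmail[430]: h7PA17: collect: unexpected close on connection from [203.0.113.5], sender=<f@example.com>"] * 3

MARKER = "unexpected close on connection"
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def source_ip(line):
    """Return the bracketed IPv4 address that follows the marker, or None."""
    _, found, tail = line.partition(MARKER)
    match = IP_RE.search(tail) if found else None
    if not match:
        return None
    try:
        return str(ipaddress.IPv4Address(match.group(1)))
    except ValueError:  # e.g. [999.1.1.1]: never write junk to a deny list
        return None

def count_hits(lines):
    """Count marker lines per source IP; other log lines are ignored."""
    return Counter(ip for ip in map(source_ip, lines) if ip)

def ban_candidates(hits, threshold=3, allow=frozenset(), banned=frozenset()):
    """IPs with repeat hits, minus allowlisted and already-banned hosts."""
    return sorted(ip for ip, n in hits.items()
                  if n >= threshold and ip not in allow and ip not in banned)

def hosts_deny_lines(ips, daemon="sendmail"):
    """Format entries in hosts.deny 'daemon: client' syntax."""
    return [f"{daemon}: {ip}" for ip in ips]

if __name__ == "__main__":
    # 203.0.113.5 stands in for a trusted relay that must never be banned.
    hits = count_hits(SAMPLE_LOG)
    for entry in hosts_deny_lines(ban_candidates(hits, allow={"203.0.113.5"})):
        print(entry)
```

The allowlist and the already-banned set keep a periodic run from locking out a trusted relay or writing duplicate entries.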