On Sat, Sep 13, 2003 at 10:59:37PM -0700, Abigail Marshall wrote:
> KK> There is currently no mechanism at all
> KK> that is part of the Internet which can lock out machines that
> KK> are dangerous or detrimental to the functions of the network.
> KK> There are no processes in place that identify users of infected
> KK> systems and keep them off the network.
>
> Actually, there is. I run a Unix server dealing with a much
> lower volume of mail than you are, so I handled this by
> hand. I noticed that Sobig-infected machines were throwing
> off error messages that I could see in my sendmail logs --
> "unexpected close on connection" - so I grepped for the
> error message, periodically sent myself reports, and then
> used tcpwrapper to bar those IP numbers. It worked very well
> for me.

SpamAssassin did similar things for me. But this is not a solution.

It may have worked for you, but these machines were still on the network, wasting bandwidth and spamming other machines. My point was that there is no mechanism to propagate your findings back to the source, either to the owners of these machines or any of their upstream providers. There is no way to shut such machines off at the source in order to protect the remaining network and to give the machines' owners the opportunity to correct the misbehaviour of their machinery.

If the Internet was a properly built infrastructure with self-protection and self-service mechanisms as an integral part of it, it would have a mechanism to detect detrimental behaviour and react accordingly. It does not, and that's what Sobig.F illustrated.

Kristian
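The log-and-block routine described in the quoted message, sketched as an added example that is not part of the original thread: it counts "unexpected close on connection" errors per source address and prints tcp_wrappers deny rules. The log line layout (relay address in square brackets), the `sendmail` daemon name and the function names are assumptions; the sample lines are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Log layout is an assumption.

# Constructed sample lines using documentation-range addresses.
sample_log() {
cat <<'EOF'
Sep 13 22:01:10 mx sendmail[411]: h8E51A01: collect: unexpected close on connection from a.example [192.0.2.10], sender=<x@a.example>
Sep 13 22:01:40 mx sendmail[412]: h8E51A02: collect: unexpected close on connection from a.example [192.0.2.10], sender=<y@a.example>
Sep 13 22:02:05 mx sendmail[413]: h8E51A03: collect: unexpected close on connection from b.example [198.51.100.7], sender=<z@b.example>
Sep 13 22:03:11 mx sendmail[414]: h8E51A04: collect: unexpected close on connection from c.example [203.0.113.5], sender=<q@c.example>
Sep 13 22:03:30 mx sendmail[415]: h8E51A05: collect: unexpected close on connection from c.example [203.0.113.5], sender=<r@c.example>
Sep 13 22:04:00 mx sendmail[416]: h8E51A06: collect: unexpected close on connection from d.example [999.1.1.1], sender=<s@d.example>
Sep 13 22:04:09 mx sendmail[417]: h8E51A07: collect: unexpected close on connection from d.example [999.1.1.1], sender=<t@d.example>
Sep 13 22:05:00 mx sendmail[418]: h8E51A08: from=<ok@e.example>, size=812, relay=e.example [192.0.2.77]
EOF
}

# deny_rules THRESHOLD: read log lines on stdin and print one hosts.deny
# rule per IPv4 source seen at least THRESHOLD times with the error.
deny_rules() {
  awk -v min="${1:-3}" '
    # Drop everything up to the error text; skip lines that lack it.
    sub(/.*unexpected close on connection from /, "") {
      # Copy only the bracketed address literal. The hostname comes from
      # reverse DNS, which the sender controls, so it is never written out.
      if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) {
        ip = substr($0, RSTART + 1, RLENGTH - 2)
        n = split(ip, o, ".")
        ok = (n == 4)
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
        if (ok) hits[ip]++
      }
    }
    END { for (ip in hits) if (hits[ip] >= min) print "sendmail: " ip }
  ' | LC_ALL=C sort
}

# Print the candidate rules for the constructed sample (threshold 2).
sample_log | deny_rules 2
```

Log content is influenced by the remote side, so the output is best treated as a report to review before anything is appended to /etc/hosts.deny, which matches the "sent myself reports" step in the quoted message.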