[Esd-l] badtrans ad infinitum
John D. Hardin
jhardin at impsec.org
Wed Nov 28 11:12:01 PST 2001
On Wed, 28 Nov 2001, Christian Parigger wrote:
> just the way things seem to be in life. I fully appreciate your
> upgrades, yet certainly I am/ we are not 'infinitely' save.
No, the sanitizer is only one part of a multilayered defense system.
You still need firewalling, and antivirus, and so forth.
> One idea would include the use of portsentry-alike protection for
> flodding from certain sites, although I am not certain how to do
> that with email, viz. if more than so-many "active emails" come
> from a site per hour or day, block the site (I'd know how to that
> with attacks on ports to a reasonable degree).
I don't know that it would be useful for worms. A worm storm is more
along the lines of a DDoS attack - you're being nibbled to death by
ducks, rather than having one site flooding you.
> I/we have been flodded with Sircam back in July, whereby
> "overfloweth" resulted in my/our quarantine. Therefore, the milder
> solution would perhaps be to blackhole (or bit-bucket into
> /dev/null) active email received at a set rate from certain sites
> (rather than blocking the whole site).
Okay, that may be possible at a lighter weight than sanitizing each
message.
How do you define "active email" ?
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at wolfenet.com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
In 1998 more than three times as many people in the US were killed
by incompetent physicians than were killed by handguns, yet the
President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
1070 days until the Presidential Election
More information about the esd-l
mailing list