[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Virus email

Subject: Re: [cobalt-users] Virus email
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Tue Dec 19 09:06:03 2000
Organization: nobaloney.net
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

"webmaster@xxxxxxxxxxxx" wrote:

> >Presuming so, then someone has
> >connected directly to your system from a dialup IP#,
> >slip-32-101-140-168.mo.us.prserv.net.  The first step would be to notify
> >abuse@xxxxxxxxxxx  While the address should work, it may not, so do a CC
> >to postmaster@xxxxxxxxxxx
> 
> The thing is I don't think it is intentional (That's my opinion. ..I
> could be wrong)and it's not like that's the only source. I'd also
> have to notify:
> 
> acessonet.com.br

...<balance of list snipped>...

Sorry, I thought that notify the senders was exactly what you DID want
to do.

> >You might want to also look into configuring sendmail to refuse mail
> >from all dialup IP# blocks.
> 
> I think that's a little extreme since what if someone on a dialup
> connection needed to email me.  Wouldn't their non-virus email also
> be bounced by configuring sendmail to refuse dialup IP#'s.

Yes.  but then you need to ask yourself who would be using a dialup IP#
to send you email?  The fact is almost no-one.  We generally use our
ISP's mailserver (I use my own; you can look at the headers on this post
and see what I mean, and visit my site at "http://www.mailtraqna.com/";
for more information if you wish), and it's IP# is NOT a dialup IP#.  In
general only spammers use dialup IP#s for mailservers.  In this
increasingly paranoid world, it's no longer considered "a bad thing" to
refuse email from dialup IP#s.

My guess (I haven't taken the time to verify it; you may if you wish) is
that the virus actually operates as a mailserver to connect to your
machine directly; if that's the case, then blocking dialup IP# ranges
would work to stop it.

> I know it's a waste of bandwidth, but for now, a filter that
> automatically forwards this stuff to the trash works.

My solutions waste some bandwidth, but do refuse the email after just
seeing the connection dialogue.

> Out of curiosity, what does this virus "do" on the windows platform?
> Does it forward you to a website, play a game or is it just a
> faceless background application?

Don't know <smile>; never been infected.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205

Follow-Ups:
- Re: [cobalt-users] Virus email
  - From: Kevin D

References:
- [cobalt-users] Sun and Raq and the Virus email
  - From: Alfredo
- Re: [cobalt-users] <Sun and Raq and the> Virus email
  - From: Graeme Fowler
- Re: [cobalt-users] Virus email
  - From: webmaster@xxxxxxxxxxxx
- Re: [cobalt-users] Virus email
  - From: Jeff Lasman
- Re: [cobalt-users] Virus email
  - From: webmaster@xxxxxxxxxxxx
- Re: [cobalt-users] Virus email
  - From: Jeff Lasman
- Re: [cobalt-users] Virus email
  - From: webmaster@xxxxxxxxxxxx

Prev by Date: Re: [cobalt-users] cobaltracks down time... how has it been?
Next by Date: Re: [cobalt-users] Fw: Patch update failed
Previous by thread: [cobalt-users] Sendmail host issue
Next by thread: Re: [cobalt-users] Virus email

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index