Clueless anti-virus products/vendors (was Re: Sober)
Edward B. Dreger
eddy+public+spam at noc.everquick.net
Thu Dec 8 02:06:40 UTC 2005
DO> Date: Wed, 7 Dec 2005 17:02:51 -0800
DO> From: Douglas Otis
DO> > Hmmmm. BATV-triggered bounces. Virus triggers forged bounce which in
DO> > turn triggers "your DSN was misguided" bounce. Perhaps the bandwidth
DO> > growth of the '90s will continue. ;-)
DO>
DO> BATV should not trigger any bounce as this only changes the local-part of
DO> the bounce-address (a.k.a return-path). BATV allows quick rejection of the
DO> session when a spoof is detected before any message is exchanged. This
I've read the spec.
DO> should alleviate your concerns about bandwidth. It would also depreciate
I usually don't use humor-related smileys when I'm worried.
DO> this tactic and further reduce related traffic. Being sensitive about
DO> spoofed DSNs, one would expect to hear accolades for BATV rather than
DO> berating.
Wouldn't it be nice to let people know their DSNs are misplaced? Or
does that only apply to viruses and worms? ;-)
So much for "be conservative in what you send and liberal in what you
accept". Yes, BATV helps block the errant DSNs. It's just a shame that
we seem to be shifting responsibility to the recipient, treating the
symptom instead of the disease.
Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
________________________________________________________________________
DO NOT send mail to the following addresses:
davidc at brics.com -*- jfconmaapaq at intc.net -*- sam at everquick.net
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.
More information about the NANOG
mailing list