Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: [inbox] Re: Re: E-Mail viruses
From: "Curt Purdy" <purdy () tecman com>
Date: Mon, 8 Mar 2004 15:46:24 -0600

Valdis.Kletnieks wrote:
It's not 3^36, which is multiple billions, it's only 36^3,
which is 46,656.

And only one has to get through to an idiot.

Anybody else got a mail server that blocked more than that
many Netsky's
this weekend alone?  Draw the obvious conclusion here...

And *that* was why I was dubious as to the real usefulness...

I don't care if it is only 46.  The whole point was I don't care if the
whole world knows our proprietary extension.  No virus writer is going to
waist time pointing her 0-day worm at us.  The whole idea is to spread as
much as possible, so they will pick standard extensions only.  If it is not
a 0-day, our AV server will kill it anyway. This mehtodology has stopped
100% of all virus attachments since institution.  Our AV server is getting
bored, having nothing to do.

In addition I don't get up at 5am anymore to scan the lists for the newest
outbreak. The peaceful sleep alone is proof of it's usefullness.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]