[59149] in North American Network Operators' Group
Re: Mobile code security (was Re: rr style scanning of non-customers)
daemon@ATHENA.MIT.EDU (Brandon Butterworth)
Mon Jun 16 12:10:23 2003
Date: Mon, 16 Jun 2003 17:09:38 +0100 (BST)
From: Brandon Butterworth <brandon@rd.bbc.co.uk>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
> I think pauls point may be:
> If they use text based mailers
I know, intrinsically safe is good but that's not what managment
wants so you end up with bodges to make their choices safer. Some
people may go too far
> It's a lot harder to open up a microsoft executable on a *nix
> machine than a windows machine.
We have ongoing pressure to switch to MS based systems to tie in with
corporate stuff (being a Unix island is hard) so this problem interests
me, we've thought about filtering but more extracting info where
possible rather than rejecting (so your text/plain would get turned
into plain text). We'd reject html only along with various document formats
> If your abuse desk can't take the complaint, you can't do anything
> about it. The abuse/security desks are in most cases small, understaffed
> and hidden to prevent them from being overworked yet do enough that
> you're not called a spam/abuse harborer.
Often filtered through a front desk that risk breaking it
or running it.
I think holding those messages somewhere someone with a clue can look
at them if they need to and only passing plain text through
intermediate systems & people is best. We'd like to be able to see the
virus for forensics so we're not going to be allowed to get these
messages anywhere near Exchange anyway.
brandon
