[Dshield] new Netsky.b virus - quick analysis (incl. hexdump)

John Sage jsage at finchhaven.com
Fri Feb 20 16:36:03 GMT 2004

I usually avoid these philosophical digressions at all costs, but
fools rush in...

On Thu, Feb 19, 2004 at 09:49:09PM +0100, Tony Earnshaw wrote:

> Subject: Re: [Dshield] new Netsky.b virus - quick analysis (incl. hexdump)
> From: Tony Earnshaw <tonye at billy.demon.nl>
> To: list at dshield.org
> Date: Thu, 19 Feb 2004 21:49:09 +0100
>
> On Wed, 18.02.2004 at 19.58, Erik van Straten wrote:
> > We may as well prohibit all email attachments.
> > We desperately need *smart* and *fast* solutions for SMTP
> > problems.  I've not seen a single useful solution that cannot be
> > bypassed, and at the same time will not render legitimate use of
> > SMTP problematic, if not totally impossible (the ultimate solution
> > may not exist).

> Surely it's not beyond the bounds of human intelligence (though
> probably above mine) to configure routers that are already trained
> to filter, to recognize aggressive content? Even dynamically?

This is no solution whatsoever, and in fact is a capitulation of
responsibility to some anonymous "higher authority".

Exactly *who* are you willing to give the authority to define and
delete "aggressive content" out at the big pipe, router/switch level?

What if your nation is ruled by a right-wing, evangelical, christian
government that dislikes homosexuality (as one example), or racial
diversity (as another example) and is able to compel its Office of
Fatherland Security to legally mandate filtering of that sort of
content, too?

What if a nation, so ruled, mandated that other such "aggressive
content" (read: disapproved content) be dropped in transit as the
offending packets enter the political boundaries of that right-wing

How would you know this was happening? What sort of checks and
balances would there be?

Where does midstream filtering stop, once started?

Who shall monitor the "guardians" and keep them honest?

- John
"Mad cow? You'd be mad too, if someone was trying to eat you."

