On Mon, Jun 16, 2003 at 03:43:41PM +0100, Brandon Butterworth wrote:
the thing that actually burns my hash, is when my spam complaints or noc correspondance are robotically bounced because they contain dangerous mime attachments of type "message/rfc822" (spam examples) or "text/plain" (traceroute or tcpdump output). if your noc or abusedesk has such a robot protecting it, you ought to be ashamed.
Or they may be happy thinking their NOC is more 0day virus proof rather than hoping a 3rd party will update their scanner in time
Who'd want to risk the NOC falling to the same problem that's just taken out the network they're trying to fix?
I think pauls point may be: If they use text based mailers (eg: mutt, pine, elm, /bin/Mail, mh, etc..) they won't risk being infected except by the rare buffer overflow that might be out there. The risk-reward comparison that I can easily see here is that if I were to be running an abuse desk and my people were using a fully integrated click-open or click-execute mailer on the desktop, the chances of getting infected are a lot higher than if I give someone an xterm, tell them to use pine/mutt and some additional ticketing system (RT for example, or other systems i've seen that can aggregate the abuse complaints based on headers, etc..). It's a lot harder to open up a microsoft executable on a *nix machine than a windows machine. If your abuse desk can't take the complaint, you can't do anything about it. The abuse/security desks are in most cases small, understaffed and hidden to prevent them from being overworked yet do enough that you're not called a spam/abuse harborer. - Jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.