[Asrg] Meta channel, not bounces

Seth sethb at panix.com
Thu Jan 15 15:39:54 PST 2009


"Chris Lewis" <clewis at nortel.com> wrote:

> It is technically possible (in fact trivial in many cases) to
> instrument an MTA to automatically generate and send ARF in real
> time.  Even assuming that the MTA can figure out the _right_ place
> to send the ARF, it becomes a WMD.
>
> Imagine, if you will, everybody did it.  Some moderately sized site
> gets a reasonably prolific (single) infection, and spews out a few
> million viruses.  You're expecting the site's MTAs to handle a few
> million ARFs, when only one _should_ suffice.

If one suffices, then the site immediately closes or blocks the
infected machine, and it doesn't get all that many notices.

> If broadly implemented, it'd cause global meltdown.

For a value of "global" closer to "sites that don't react to their
infections in a sufficiently timely manner".

> God help us all if the site receiving the ARF somehow doesn't
> recognize it as ARF, and replies with its own ARFs.

It would be better to create a new protocol for the ARF responses
(even if it's just email on a new port, though I'd include some
extensions to allow for "Report of virus emitter on <IP>" "I already
know" "QUIT").

Seth
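
The exchange suggested in the message above, sketched as an added example; it is not part of the original post or of any ASRG specification. The verb names (`REPORT`, `ACCEPTED`, `ALREADY-KNOWN`), the class names, the hold time and the sample IP are assumptions made for illustration.

```python
# Added illustration; verbs, class names and the hold time are hypothetical.
from dataclasses import dataclass, field

HOLD_SECONDS = 3600  # assumed: how long a reporter stays quiet after a reply


@dataclass
class AbuseEndpoint:
    """The emitting site's side of the meta channel."""
    known: set = field(default_factory=set)
    full_reports: int = 0

    def handle(self, line: str) -> str:
        verb, _, arg = line.partition(" ")
        if verb == "QUIT":
            return "BYE"
        if verb != "REPORT" or not arg:
            return "ERROR"          # fixed reply set: never answers with a report
        if arg in self.known:
            return "ALREADY-KNOWN"  # the "I already know" reply
        self.known.add(arg)
        self.full_reports += 1
        return "ACCEPTED"


@dataclass
class Reporter:
    """A receiving MTA that detects virus mail and reports the emitter."""
    endpoint: AbuseEndpoint
    quiet_until: dict = field(default_factory=dict)
    sessions: int = 0

    def on_virus(self, ip: str, now: float) -> str:
        if now < self.quiet_until.get(ip, 0.0):
            return "SUPPRESSED"     # no traffic at all for this detection
        self.sessions += 1
        reply = self.endpoint.handle(f"REPORT {ip}")
        self.endpoint.handle("QUIT")
        if reply in ("ACCEPTED", "ALREADY-KNOWN"):
            self.quiet_until[ip] = now + HOLD_SECONDS
        return reply


def simulate(reporters: int, detections_each: int, ip: str = "192.0.2.10"):
    """Constructed scenario: one infected IP seen by several reporters."""
    site = AbuseEndpoint()
    mtas = [Reporter(site) for _ in range(reporters)]
    for t in range(detections_each):          # one detection per second each
        for mta in mtas:
            mta.on_virus(ip, now=float(t))
    return site.full_reports, sum(m.sessions for m in mtas)
```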

