RE: CRIME WORM_Sobig.A blocked but dealing with the residual address...

From: Andrew Plato (aplato@private)
Date: Mon Jan 20 2003 - 15:35:52 PST

    Well, if the from address was consistently big@private you could filter
    it out via a mail proxy or anti-spam system. However, since the address
    may change that probably isn't possible. Basically you would need some
    kind of reactive and dynamic filtering product that sits before your
    mail server. Trend Micro has a virus wall product that can drop emails
    that contain known intrusions. Other in-line prevention systems like
    Attack Mitigator from Top Layer would have that capability as well.
    
    ___________________________________
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
     
    503-644-5656 Office
    503-644-8574 Fax
    503-201-0821 Mobile
    www.anitian.com 
    ___________________________________
    
    -----Original Message-----
    From: Brent Irwin [mailto:birwin@private] 
    Sent: Monday, January 20, 2003 8:15 AM
    To: crime@private
    Subject: CRIME WORM_Sobig.A blocked but dealing with the residual
    address...
    
    
    My servers have been consistently visited by our new best friend
    "WORM_Sobig.A." Fortunately, our Filtering software has been able to
    block it. We are able to strip the attached file and all the contents
    but we are still receiving email from various IP hosts claiming to be
    "big@private". Any idea how I can filter this? 
    I am unable to filter the address since the IP addresses are most likely
    forged and the sender addresses are constantly changing. 
    Thanks for your help,
    Brent Irwin
    Infrastructure Manager
    Desktop Support and Engineering
    Desktop Infrastructure and Services
    



    This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 16:37:05 PST