Hosting Provided By

Re: BOTNET Exceptions for Today

From: Andy Sutton <newslists(at)pessimists.net>
Date: Tue Aug 21 2007 - 17:56:27 EDT

On Tue, 2007-08-21 at 13:42 -0700, John Rudd wrote:
> b) Botnet gets 0% false positives at one of my services (not just
> "borked DNS == bad", as you're suggesting, but actual "everything that
> triggered botnet was actually spam"). And, yes, I actually check

I never suggested that. My thoughts were more along the lines of business critical email (oxymoron I know) that is sent from a clueless setup. I'm glad you have not run into that situation yet, but as time goes on the probability of FP increases to 1. That goes with any setup, not just botnet specific ones.

> You might want to have an actual basis for your claims before you go
> off making poorly informed generalizations about other people's mail
> environments.

A bit tetchy today? I'm not saying botnet is bad, as it obviously works for a lot of people. I also think it's great that you decided to share your work. However, you have to agree 0% FP is similar to saying 100% uptime. It may be fact right now, but tomorrow is always a different story.

-- 
- Andy

The test of courage comes when we are in the minority. The test of 
tolerance comes when we are in the majority.
  - Ralph W. Sockman

Received on Tue Aug 21 17:57:27 2007

This message: [ Message body ]
Next message: Michael Chapman: "Re: Blacklist problems!"
Previous message: Matthias Leisi: "Re: Blacklist problems!"
In reply to: John Rudd: "Re: BOTNET Exceptions for Today"
Next in thread: Michael Alan Dorman: "Re: BOTNET Exceptions for Today"
Reply: Michael Alan Dorman: "Re: BOTNET Exceptions for Today"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Oct 24 2007 - 23:25:48 EDT