Mobile code security (was Re: rr style scanning of non-customers)

the thing that actually burns my hash, is when my spam
complaints or noc correspondence are robotically bounced because they
contain dangerous mime attachments of type "message/rfc822" (spam
examples) or "text/plain" (traceroute or tcpdump output). if your noc
or abusedesk has such a robot protecting it, you ought to be ashamed.

Or they may be happy thinking their NOC is more 0day virus proof rather
than hoping a 3rd party will update their scanner in time.

Who'd want to risk the NOC falling to the same problem that's just
taken out the network they're trying to fix?

brandon

I think Paul's point may be:

  If they use text based mailers (e.g. mutt, pine, elm, /bin/Mail,
mh, etc..) they won't risk being infected except by the rare buffer
overflow that might be out there. The risk-reward comparison that I
can easily see here is that if I were to be running an abuse desk and
my people were using a fully integrated click-open or click-execute
mailer on the desktop, the chances of getting infected are a lot higher
than if I give someone an xterm, tell them to use pine/mutt and some
additional ticketing system (RT for example, or other systems I've seen
that can aggregate the abuse complaints based on headers, etc..).

  It's a lot harder to open up a Microsoft executable on a *nix
machine than a Windows machine.

  If your abuse desk can't take the complaint, you can't do anything
about it. The abuse/security desks are in most cases small, understaffed
and hidden to prevent them from being overworked yet do enough that
you're not called a spam/abuse harborer.

  - Jared

A NOC or abuse desk that figuratively puts its hands over its eyes
by blocking a significant subset of trouble reports is arguably as
useless as one that is hit by a virus. The most clueful reports are
going to be the ones with some evidence attached or included.

I think the point was that there are some other alternatives between
the two opposing extremes of bouncing all email with text attachments
on the one hand and leaving yourself completely unprotected on the other.
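One such middle ground, as an added example that is not from anyone in this thread: instead of bouncing every report that carries an attachment, walk the MIME tree, keep the "message/rfc822" and "text/plain" parts that abuse reports depend on, and strip only parts that could execute on a click-to-open desktop mailer. The blocked type and extension lists, the "MZ" header check and the sample report below are constructed for this example; a real desk would tune the lists to its own mail clients.

```python
import email
import os
from email import policy

# Middle-ground policy: keep the evidence an abuse desk needs, strip only the
# parts that could execute on a click-to-open mailer, and never bounce the report.
EVIDENCE_TYPES = {"text/plain", "message/rfc822"}
BLOCKED_TYPES = {
    "application/x-msdownload", "application/x-dosexec",
    "application/x-msdos-program", "application/hta",
}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}

# Constructed abuse report: a spam sample forwarded as message/rfc822 (which itself
# carries an executable), traceroute output as text/plain, and a top-level executable.
SAMPLE_REPORT = b"""\
From: reporter@example.net
To: abuse@example.com
Subject: Spam from 192.0.2.10 (constructed example)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain; charset="us-ascii"

Spam sample and traceroute attached.

--outer
Content-Type: message/rfc822
Content-Disposition: attachment

From: spammer@example.org
To: victim@example.net
Subject: Buy now
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="inner"

--inner
Content-Type: text/plain

constructed spam body

--inner
Content-Type: application/octet-stream; name="setup.exe"
Content-Disposition: attachment; filename="setup.exe"
Content-Transfer-Encoding: base64

TVqQAA==

--inner--

--outer
Content-Type: text/plain; name="trace.txt"
Content-Disposition: attachment; filename="trace.txt"

traceroute to 192.0.2.10 (192.0.2.10), 30 hops max
 1  198.51.100.1  0.512 ms

--outer
Content-Type: application/x-msdownload; name="report.exe"
Content-Disposition: attachment; filename="report.exe"
Content-Transfer-Encoding: base64

TVqQAA==

--outer--
"""


def classify_part(part):
    """Return 'block', 'evidence' or 'other' for one MIME part."""
    ctype = part.get_content_type()
    ext = os.path.splitext((part.get_filename() or "").lower())[1]
    if ctype in BLOCKED_TYPES or ext in BLOCKED_EXTENSIONS:
        return "block"
    # The declared type is chosen by the sender, so also look at the decoded bytes.
    if not part.is_multipart():
        body = part.get_payload(decode=True) or b""
        if body[:2] == b"MZ":  # DOS/PE executable header
            return "block"
    if ctype == "message/rfc822" or (
        ctype in EVIDENCE_TYPES and part.get_content_disposition() == "attachment"
    ):
        return "evidence"
    return "other"


def _strip(container, evidence, stripped):
    """Recursively drop blocked parts, descending into forwarded messages too."""
    if not container.is_multipart():
        return
    kept = []
    for sub in container.get_payload():
        record = (sub.get_content_type(), sub.get_filename())
        verdict = classify_part(sub)
        if verdict == "block":
            stripped.append(record)
            continue
        if verdict == "evidence":
            evidence.append(record)
        _strip(sub, evidence, stripped)  # message/rfc822 payload is a nested message
        kept.append(sub)
    container.set_payload(kept)


def sanitize_report(raw):
    """Parse a report, strip executable parts, and return the kept evidence."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    evidence, stripped = [], []
    _strip(msg, evidence, stripped)
    if stripped:
        # Leave a trace for the analyst instead of silently dropping parts.
        msg["X-Abuse-Filter"] = "stripped " + ", ".join(f or t for t, f in stripped)
    return {
        "decision": "accept_stripped" if stripped else "accept",
        "evidence": evidence,
        "stripped": stripped,
        "message": msg.as_bytes(),
    }


if __name__ == "__main__":
    result = sanitize_report(SAMPLE_REPORT)
    print(result["decision"], result["evidence"], result["stripped"])
```

The filter descends into the forwarded spam sample as well, so an executable hidden inside the "message/rfc822" evidence is removed while the sample itself, the traceroute and the report body all reach the ticket queue.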