On Fri, 24 Jun 2005, /dev/rob0 wrote: > On Friday 24 June 2005 09:37, Jan Engelhardt wrote: > > >Most if not all of the listed domains were personally researched by > > > me. That's the weakness of this, though: it's impossible to keep > > > ahead of the spammers and other ratware peddlers in this arms race. > > > > Just look into the named and/or squid logs and see what users (or > > programs acting on their behalf) request. > > Yes, that would be the methodology, but it should be done in a > controlled environment. Some, and now perhaps most, of our squid > traffic is legitimate. > > What is needed is a network "clean room". A fresh Windows install with > monitored outbound access. Using Outhouse Distress, activate a known > virus email, watch what it does. Using Internet Exploder, visit a known > malicious IIS site, and see the results. Heck.. just put the windows box behind a NAT-ting linux box.. just log the NEW connections, and adjust from there.. probably be more likely than having a non-infected windows box.. :) Thanks for you insight! Carl - -- "There are 10 types of people in the world: Those who understand binary and those that don't."
