[Emerging-Sigs] Blocks based on IP alone

waldo kitty wkitty42 at windstream.net
Sun Oct 17 19:25:00 EDT 2010


On 10/17/2010 17:47, evilghost at packetmail.net wrote:
> For me, I don't care, infection is infection and we drop the box and
> re-image.  Our policy is such that infected boxes are nuked from orbit
> so we're not playing the "malware cleanup" game and perhaps ending up
> with false-negatives resulting in persisting infection.

+100000000000Ad-infinitum

this is reminiscent of back in the day of w9x boxen and no one really having a 
good handle on these things... the best shot back then was to 
"slick'n'reload"... many customers/clients (there is a difference ya know? ;P) 
learned the hard way about making verified backups ;)


More information about the Emerging-sigs mailing list