Re: Bug#207300: tmda: Challenge-response is fundamentally broken
On Thu, 28 Aug 2003 21:35, Karsten M. Self wrote:
> Which is a damned good reason for Debian not to package
> viruses and spam mailers. Or tools which can be readily subverted as
> such.
My Postal program can be used for DOS attacks on mail servers, and has been
used for such on at least one occasion (*).
I disagree with your conclusions regarding putting viruses in Debian. I think
it would be a useful service for people who analyse such things to have
copies of viruses in usable form. I am not requesting them only because
arbitary archives of files don't belong in Debian. Debian packages are for
programs that comprise parts of the distribution and for data files used for
them, not arbitary other data.
I believe that Linux based tools for auditing network security belong in
Debian. We rightly have nmap and nessus, other tools of a similar nature
also belong in Debian.
If DMCA issues prevent distribution of such things through the US then they
can go in non-US.
(*) An idiot complained to me because the URL for Postal was in the headers
of the thousands of messages they received. It didn't occur to them that the
URL was there to inform any victim of an attack of what they were facing, and
is also intended to be a conveniant header string that can be blocked in a
mail server to stop such an attack. Presumably other more intelligent people
had their servers attacked by Postal and were smart enough to configure their
header checks without bothering me.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: