On 10/12/2011 5:10 AM, andy pugh wrote: > No more checking the forums / docs pages from work for me any more: > > "Based on your corporate access policies, this web site ( > http://www.linuxcnc.org/ ) has been blocked because it has been > determined to be a security threat to your computer or the corporate > network. This web site has been associated with malware/spyware. > > If you have questions, please contact your corporate network > administrator and provide the codes shown below. > > -------------------------------------------------------------------------------- > Notification codes: (1, MALWARE_GENERAL, BLOCK-MALWARE, , 0x3409b6c0, > 1318410577.130, QAAAAQAAAAAAAAAAJv8ACP8AAABAAAAAAAAAAA==, > http://www.linuxcnc.org/) " Andy et al.:
Google didn't help me identify the software emitting the Notification Codes you reported. Surprisingly (to me, anyway), Bing did. I believe you are running headlong into a Cisco IronPort router. Looking at www.senderbase.org (Cisco's IronPort Security portal), I find their reputation rating for www.linuxcnc.org is "poor". Why? It doesn't say, specifically. Unfortunately, the organizations that provide blacklists share information with each other so this rating could have resulted from information that originated almost anywhere. Fer instance, Trend Micro says the underlying IP 69.163.248.64 for www.linuxcnc.org appears in one of its databases. Why? It doesn't say. This IP belongs to DreamHost. Possibly www.linuxcnc.org is getting dinged because of some other website hosted by DreamHost that shares the same IP. I think it likely you have zero chance of getting your systems' folk to poke a hole in their router. From their perspective, there is little upside if they do it right and potentially a huge downside if they do it wrong. I'm sure they are content to let it update its blacklist from the Cisco database regularly without interference. The response I usually got from our network/system admins whenever I had this kind of problem was the same as the punchline to the old joke "doctor, it hurts when I do this"---so don't do it. I can't say I blame them. I never met one who was adequately resourced to do the job and the ones that got really good at their job usually got promoted out of it. They were the lucky ones. In this line of work, people tend to remember only the bad stuff that happens on your watch. As my first boss used to say, one "aw shit" erases a hundred "atta boys." As others have pointed out, there is more than one technology available to drill through your firewall but I can't really recommend this approach. To your employer, your behavior becomes indistinguishable from that of a true blackhat renegade. Besides, if you really did receive a malware payload this way, you'd never live it down. Good Luck... Regards, Kent ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct _______________________________________________ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
