Re: short Botnet list and Cashing in on DoS

2004-10-22 Thread John Kristoff
On Wed, 20 Oct 2004 15:14:29 -0400 Hannigan, Martin [EMAIL PROTECTED] wrote: [..]we additionally request that they resolve the RR to 127.0.0.3 before they lock out and reload the zone. We picked 127/8 as the standard. RFC 1918 wasn't suitable for obvious reasons. [ I know you know this

Re: short Botnet list and Cashing in on DoS

2004-10-13 Thread David Barak
--- Andrew D Kirch [EMAIL PROTECTED] wrote: ... and anyone posting from yahoo/gmail/hotmail should have their posting rights immediately revoked because obviously they have no claim whatsoever to any critical Network Operations. You had me until then: has it not occurred to you that some

Re: short Botnet list and Cashing in on DoS

2004-10-13 Thread william(at)elan.net
On Wed, 13 Oct 2004, David Barak wrote: and anyone posting from yahoo/gmail/hotmail should have their posting rights immediately revoked because obviously they have no claim whatsoever to any critical Network Operations. You had me until then: has it not occurred to you that some of

Re: short Botnet list and Cashing in on DoS

2004-10-11 Thread Michael . Dillon
1. Do BCP38. http://rfc.net/bcp0038.html Have your CFO read SAC004. http://www.icann.org/committees/security/sac004.htm Implement source address validity checks. http://www.cisco.com/en/US/tech/tk828/tk363/technologies_tech_note09186a00800f67d5.shtml 2. Filter aggressively. Run a

Re: short Botnet list and Cashing in on DoS

2004-10-11 Thread Bill Stewart
On Sun, 10 Oct 2004 15:06:17 -0400, James Baldwin [EMAIL PROTECTED] wrote: Pardon for my possibly ill informed interjection. I was under the impression that the current wind was blowing towards filtering outbound port 25 traffic while allowing outbound authenticated port 587 traffic? The

Re: short Botnet list and Cashing in on DoS

2004-10-11 Thread Edward B. Dreger
BS Date: Mon, 11 Oct 2004 10:52:45 -0700 BS From: Bill Stewart BS [T]he normal definition of Internet service is to allow BS everything unless there's a good reason not to, as opposed to BS deny-most firewalls. Perhaps that's part of the problem. Has AOL's SMTP proxying and blocking driven it

Re: short Botnet list and Cashing in on DoS

2004-10-10 Thread Alexei Roudnev
Pardon for my possibly ill informed interjection. I was under the impression that the current wind was blowing towards filtering outbound It is not true, as I know; moreover, the day when I receive such a proposal from my ISP will be my last day with this ISP, so it will be for many others.

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread alex
On Fri, 8 Oct 2004, J. Oquendo wrote: this since it bugs me) EV1, Everybody's Internet. Not only do they host some botnets, malware spewing servers, spam relays, terrorists related sites, their excuse is Well we don't know who we rent to They don't. When you have few thousands of dedicated

Re: Fixing stuff (was Re: short Botnet list and Cashing in on DoS)

2004-10-09 Thread Mikael Abrahamsson
On Sat, 9 Oct 2004, Stephen J. Wilcox wrote: They don't care in that for many people, providing the computer still works, There are plenty of people driving their cars even though they know that their catalytic converter doesn't work properly, or their ignition is off and they're putting

Re: Fixing stuff (was Re: short Botnet list and Cashing in on DoS)

2004-10-09 Thread Gadi Evron
But compared to the success rate of the bot writers, the anti-bot tools fall far behind. Some people estimate between 10 million and 30 million Actually, there are some fine Anti Trojan (AT) tools out there. Try out The Cleaner and BOClean. new bots have been created this year. That number is

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Gadi Evron
Yea, verily. This is not an impossible problem for this community; it is only an impossible problem for any one of us acting totally independently. And while the solution isn't instant, the tide CAN be turned. Problem is, we are fighting a war we already lost. It's put out a fire here and

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Petri Helenius
Gadi Evron wrote: Problem is, we are fighting a war we already lost. It's put out a fire here and there, and break a wave while you're at it. How about seeing some simple measures such as blocking outgoing port 25? at ISP's? Not a perfect solution, but it's a partial solution for some of the

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Gadi Evron
Blocking ports one by one and filling the Internet by application level proxies (SMTP gateways for port 25) is not a road worth travelling. Pete Blocking port 25 for dynamic ranges means they can't send email, so that drones are pretty useless for spammers on that account. Trojan horses would

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Petri Helenius
Gadi Evron wrote: Blocking port 25 for dynamic ranges means they can't send email, so that drones are pretty useless for spammers on that account. Trojan horses would have to use local information for the user's own account (from Outlook or such). Next you'll block SIP if we start getting spam

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Gadi Evron
Next you'll block SIP if we start getting spam calls? Or any other application that pops up and is used by the same people sending spam today? There is the issue of usability. Why does a Cable user on a dynamic range need SMTP open? You're fixing the symptom, not curing the cause. The

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Stephen J. Wilcox
On Sat, 9 Oct 2004, Gadi Evron wrote: Blocking port 25 for dynamic ranges means they can't send email, so that drones are pretty useless for spammers on that account. Trojan horses would have to use local information for the user's own account (from Outlook or such). my users like being

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Alexei Roudnev
: Paul Vixie [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, October 09, 2004 11:13 AM Subject: Re: short Botnet list and Cashing in on DoS Gadi Evron wrote: Problem is, we are fighting a war we already lost. It's put out a fire here and there, and break a wave while you're

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Gadi Evron
there are many ways of sending spam that don't use port 25.. True, but reducing spam from millions to thousands seems like something good, no? individual rules are costly to implement and users won't use a service where you have to pay more for basic services Several big ISPs are blocking port

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Stephen J. Wilcox
On Sat, 9 Oct 2004, Gadi Evron wrote: there are many ways of sending spam that don't use port 25.. True, but reducing spam from millions to thousands seems like something good, no? their market won't change tho, you will just force them to use another method.. at one time open relays

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Paul Vixie
i was recently chastised for posting non-operational content to nanog, and so, while i am willing to beat the drum for source address validation, i'm very concerned about commenting further in what has to be the 40th or 50th version of this thread in the last ten years. with trepidation, then:

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Gadi Evron
From a recent email I gather this is very off-topic, so I will try to be brief in my reply. (Geneva.CH.EU.*) since 3+ years. I can say from my experiences I couldn't make any kind of communication between botnets and spam. Most Trojan codes I have looked into don't have any command/action to

Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Paul Vixie
someone who wished to remain publicly unnamed answered me by saying: I got chastised a little while ago, too, for a single post, and told that it was my THIRD warning (having not received any at all before). Feh. i can't think of anyone among all nanog posters since the beginning of time

Re: [nanog] Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Dan Mahoney, System Admin
On Sat, 9 Oct 2004, Alexei Roudnev wrote: Then get yourself a personal colo (http://www.vix.com/personalcolo/) A dynamic ip is no place for a server of any kind. And it IS the isp's concern. Most of them would consider running a mail server on a home-user grade cable connection to be in

Re: [nanog] Re: short Botnet list and Cashing in on DoS

2004-10-09 Thread Randy Bush
Then get yourself a personal colo (http://www.vix.com/personalcolo/) A dynamic ip is no place for a server of any kind. right! to use the internet as an end host/customer i have to go get colo, transit there, ... cool! randy

Re: short Botnet list and Cashing in on DoS

2004-10-08 Thread Gadi Evron
Only when they do something about it. Trouble? When they have 40K extra users to pay for bandwidth (easily eats up a T1 or two), it's damage enough. Besides, would you like someone to launch cyber A-Bombs (phaa) from your network? 1. Worrying about personal privacy of their users, not wanting

Re: short Botnet list and Cashing in on DoS

2004-10-07 Thread Gadi Evron
Here's a link to a bugtraq post I made a couple of months ago, about what Trojan horses are used in drone armies today, it is not really up-to-date, but should give you a general idea: http://seclists.org/lists/bugtraq/2004/Jul/0106.html And now to your post... I've been slowly compiling a list

Re: short Botnet list and Cashing in on DoS

2004-10-07 Thread frank
Since we're posting articles this morning: North Korea Has Some 600 Computer Hackers, South Korea Says From MIT's Tech Review Newsletter: They don't need physical nukes to create problems ... They (the North Koreans) could just exploit our network vulnerabilities. It's completely doable.

Re: short Botnet list and Cashing in on DoS

2004-10-07 Thread Alistair Cockeram
On Thu, Oct 07, 2004 at 07:30:20AM -0500, [EMAIL PROTECTED] wrote: Since we're posting articles this morning: North Korea Has Some 600 Computer Hackers, South Korea Says That is rather interesting since North Korea appears to only have one transit link via china. Into a cybercafe owned by

Re: short Botnet list and Cashing in on DoS

2004-10-07 Thread Randy Bush
North Korea Has Some 600 Computer Hackers, South Korea Says and in some years, they may catch up to the us randy

RE: short Botnet list and Cashing in on DoS

2004-10-07 Thread Hannigan, Martin
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of J. Oquendo Sent: Thursday, October 07, 2004 1:11 AM To: [EMAIL PROTECTED] Subject: short Botnet list and Cashing in on DoS I've been slowly compiling a list of known botnets should anyone

Re: [nanog] RE: short Botnet list and Cashing in on DoS

2004-10-07 Thread Dan Mahoney, System Admin
On Thu, 7 Oct 2004, Hannigan, Martin wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of J. Oquendo Sent: Thursday, October 07, 2004 1:11 AM To: [EMAIL PROTECTED] Subject: short Botnet list and Cashing in on DoS I've been slowly compiling a list

Re: short Botnet list and Cashing in on DoS

2004-10-07 Thread Gadi Evron
Going after the bots is lesser effort. The controllers are a priority. That's not happening. AV companies are mostly interested in hyping the latest worm or semi-worm. Drone armies, hundreds of thousands large (no exaggeration) are just too much of an effort with 1000+ new Trojan horses coming

Re: short Botnet list and Cashing in on DoS

2004-10-07 Thread Paul Vixie
..., a-la spamhaus. Bothaus anyone? The problem with that is the list rapidly updates and must be maintained with some level of frequency and there's a level of trust involved in it as well. i consider www.cymru.com to be an excellent beginning toward that goalset. Going after the bots

Re: short Botnet list and Cashing in on DoS

2004-10-07 Thread Randy Bush
Going after the bots is lesser effort. The controllers are a priority. wide scale BCP38 conformity is the only way any of this will ever happen. considering that the bots are not spoofing, just how is this gonna help? randy

Re: short Botnet list and Cashing in on DoS

2004-10-07 Thread Mike Tancsa
At 01:10 AM 07/10/2004, J. Oquendo wrote: I've been slowly compiling a list of known botnets should A lot of the IP addresses you have listed seem like they would change with some frequency based on the host names. The problem with using such a list is that it can quickly become out of date

short Botnet list and Cashing in on DoS

2004-10-06 Thread J. Oquendo
I've been slowly compiling a list of known botnets should anyone care to filter, or check them in your netblocks if someone in your range is passing off garbage, etc. Information has been passed from other admins having to deal with these pests. Care to pass on a host that you're seeing I'll