Security is a lifestyle.
People laugh when I say this, do they laugh when you say it?
you have to turn it around, insecurity is a lifestyle, before people
will skip the polite (because they think you're joking and it isn't
funny) or nervous (because they think you're paranoid) laughter.
Christopher L. Morrow [EMAIL PROTECTED] wrote:
On Tue, 24 Jun 2003, gml wrote:
Security is a lifestyle.
People laugh when I say this, do they laugh when you say it?
usually they remember a very important event that must be attended to,
and assure me that they do believe in
On Tue, 24 Jun 2003, Paul Vixie wrote:
Security is a lifestyle.
People laugh when I say this, do they laugh when you say it?
you have to turn it around, insecurity is a lifestyle, before people
will skip the polite (because they think you're joking and it isn't
funny) or nervous
http://www.lurhq.com/popup_spam.html
LURHQ Corporation has observed traffic to large blocks of IP addresses on
udp port 1026. This traffic started around June 18, 2003 and has been
constant since that time. LURHQ analysts have determined that the source
of the traffic is spammers who have
On Monday, 2003-06-23 at 01:59 AST, Sean Donelan [EMAIL PROTECTED] wrote:
http://www.lurhq.com/popup_spam.html
LURHQ Corporation has observed traffic to large blocks of IP addresses
on
udp port 1026. This traffic started around June 18, 2003 and has been
constant since that time. LURHQ
The description by LURHQ is misleading. Messenger is an RPC service.
Typical pop-up spammers queried 135 (Windows RPC portmapper) to find the
port number of the messenger service, then send the message to that
port. It turns out that messenger can typically be found on 1026.
And as was noted
At 2:58 -0400 6/23/03, Jeff Kell wrote:
And as was noted earlier, unconditionally blocking udp/1026 will cause
a lot of collateral damage when udp/1026 outbound is used as an ephemeral port
for a legitimate UDP-based service (DNS, NTP, etc).
Jeff
It's been a long time since I did any substantial
Sean Donelan wrote:
http://www.lurhq.com/popup_spam.html
LURHQ Corporation has observed traffic to large blocks of IP addresses on
udp port 1026. [...]
I haven't (yet) seen any scans of port 1026, but looking at my (home)
logs I have seen several with a fixed source port of 1026
On Mon, 23 Jun 2003, Sean Donelan wrote:
http://www.lurhq.com/popup_spam.html
How many ports should ISPs block? People still buy and connect insecure
computers to the net.
ISP's could block all ports and save everyone the hassle of having an
Internet (I am just kidding of course)
On Mon, Jun 23, 2003 at 03:59:56PM +, Christopher L. Morrow wrote:
On Mon, 23 Jun 2003, Sean Donelan wrote:
http://www.lurhq.com/popup_spam.html
How many ports should ISPs block? People still buy and connect insecure
computers to the net.
ISP's could block all ports and save
[EMAIL PROTECTED] (Christopher L. Morrow) writes:
ISP's could block all ports and save everyone the hassle of having an
Internet (I am just kidding of course)
Two interesting points though:
1) Spammers adapt
2) default insecure OS installs cause problems
3) thoughtless reactionism
On 23 Jun 2003, Paul Vixie wrote:
3) thoughtless reactionism at isp's does little good and sometimes some harm.
take for example port-25 blocking. i've been getting relayprobed all
weekend by someone who gets around outbound att's tcp/25 SYN blocking
by sending their SYN's through a
On Mon, 23 Jun 2003, Paul Vixie wrote:
[EMAIL PROTECTED] (Christopher L. Morrow) writes:
ISP's could block all ports and save everyone the hassle of having an
Internet (I am just kidding of course)
Two interesting points though:
1) Spammers adapt
2) default insecure OS
Christopher L. Morrow wrote:
This is what our, atleast, abuse team calls 'fantasy mail'. There is a fix
for it, port 25 in and out filtering for radius customers. The 'problem'
as I understand it, is that the change would be a contract change so it
has to wait for expiration of said contract to
Its a sucky world sometimes. Perhaps Paul complained to
ATT/other-unnamed-provider with logs and such? :)
oh yes. i tried *several* ways to get their attention. however, this
kind of activity is so common these days that a noc literally has no
choice but to focus their efforts on less common
On Mon, 23 Jun 2003, Paul Vixie wrote:
Its a sucky world sometimes. Perhaps Paul complained to
ATT/other-unnamed-provider with logs and such? :)
oh yes. i tried *several* ways to get their attention. however, this
kind of activity is so common these days that a noc literally has no
* [EMAIL PROTECTED] (Christopher L. Morrow) [Mon 23 Jun 2003, 18:01 CEST]:
[..]
Two interesting points though:
1) Spammers adapt
2) default insecure OS installs cause problems
Employees of XS4ALL, a Dutch ISP, today held several talks about a
variety of subjects for its customers to
On Tue, 24 Jun 2003, Niels Bakker wrote:
* [EMAIL PROTECTED] (Christopher L. Morrow) [Mon 23 Jun 2003, 18:01 CEST]:
[..]
Two interesting points though:
1) Spammers adapt
2) default insecure OS installs cause problems
Employees of XS4ALL, a Dutch ISP, today held several talks about
Cc: [EMAIL PROTECTED]
Subject: Re: ISPs are asked to block yet another port
On Tue, 24 Jun 2003, Niels Bakker wrote:
* [EMAIL PROTECTED] (Christopher L. Morrow) [Mon 23 Jun 2003, 18:01 CEST]:
[..]
Two interesting points though:
1) Spammers adapt
2) default insecure OS
19 matches
Mail list logo