On Sun, 18 Apr 2004, Iljitsch van Beijnum wrote:
> It would be important to make this a list of legitimate SMTP hosts
> only, and NOT a list of non-spammers, as the former can be determined
> through technical means (1) and the latter is open to endless debate.
> (As we can see with pretty much a
Doug White writes:
> It would be nearly impossible for computer software makers to provide
> against any type of attack by those so inclined. The result is that
> they are reactive rather than pro-active.
That's not the point. The difference in degree of security between
Windows and Mac OS X is
on Sun, Apr 18, 2004 at 04:33:18PM +, Paul Vixie wrote:
>
> > Maybe a stupid question... But if broadband providers aren't going to do
> > this, and considering there are way less legitimate SMTP senders than
> > broadband users, wouldn't it make more sense to whitelist known real SMTP
> > so
Operating systems bundled with a retail computer _should_ be reasonably
secure out of the box.
OS X can be placed on a unprotected internet connection in a unpatched
state and it's default configuration allows it to be patched to current
levels without it being compromised.
On the other hand Wi
[snip]
:
: My argument is that a computer needs to be in a safe state by default. I
: firmly believe that if I buy a brand new box from any reputable vendor
: with a premium operating system of choice I should be able to connect this
: device to a local broadband connection indefinitely. It needs
> As for the specifics of your comments, I could not disagree more, but it
> is a philosophy of life that distinguishes our views, not the analysis of
> the problem. I believe (like a lot of other New Englanders and even
> some from California) that people must assume responsibility for their
>
On Tue, 20 Apr 2004 09:21:02 -0500 (CDT), Adi Linden wrote:
>> Since many gateway service providers will not prevent insufficiently
>> skilled users from connecting to the internet and injuring others, the
>> only remaining solution, as far as I can see, is cutting connectivity
>> with those enab
> >Think globally. Even though this forum has NA as its heading, we need to
> >think globally when suggesting solutions. You'll never get any sort of
> >licensing globally nor will you EVER get end users (globally) educated
> >enough to stop doing the things that they do which allow these events
I agree.
90% users CAN NOT UPDATE. How?
- (1) updates are too big to be diownloaded by modem , which fail every 20 -
40 minutes (which is common in many countries);
- (2) if you connect to Internet for update, you are infected by virus much
faster than you install update.
I saw it. Home user in
Yes.
Unfortunately, one day 1,000,000 users will find in their mail boxes fully
automated CD with 'Microsoft Update' on the label and 1,000 viruses /
trojans inside. -:)
>
> >>
> Patches either need to be of a size that a dialup user doesn't have to
> be dialed in for 24 hours to download an
On Mon, 19 Apr 2004 17:53:45 -1000 (HST), Scott Weeks wrote:
>Neither can happen. That's just another way of saying make
all your users
>skilled or go out of business.
The SPs whose business model entails externalizing the
costs SHOULD go out of business
- Original Message -
From: "Scott Weeks" <[EMAIL PROTECTED]>
To: "Dr. Jeffrey Race" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, April 20, 2004 1:07 PM
Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
>
> Th
: >Think globally. Even though this forum has NA as its heading, we need to
: >think globally when suggesting solutions. You'll never get any sort of
: >licensing globally nor will you EVER get end users (globally) educated
: >enough to stop doing the things that they do which allow these event
On Mon, 19 Apr 2004 17:07:45 -1000 (HST), Scott Weeks wrote:
>Think globally. Even though this forum has NA as its heading, we need to
>think globally when suggesting solutions. You'll never get any sort of
>licensing globally nor will you EVER get end users (globally) educated
>enough to stop d
On Mon, 19 Apr 2004, Dr. Jeffrey Race wrote:
: On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
:
: > An uneducated
: >end user is not something you can fix with a service pack.
:
: A profound point, again highlighting the fact that there
: are no technical solutions to this problem. (T
On 19 Apr 2004 22:16:58 +
Paul Vixie <[EMAIL PROTECTED]> wrote:
> [(*) "wierd" could mean streams of tcp/syn or tcp/rst, or forged source
> addresses, or streams of unanswered udp, or streams of ourbound tcp/25,
> or udp/137..139, or who knows what it'll be by this time next month?]
Precis
On Mon, 19 Apr 2004, Paul Vixie wrote:
> two things, though: (1) you'll never get those things fixed and (we both
> know it), (2) so you'd better prepare for the inevitability of widespread
> filtering against your DSL/Cable blocks (whether you talk to me or not.)
Paul, where have you been? The
> > Should ISPs start requiring their users to install Windows XP SP2?
nope. especially since, according to bill gates, linux would have the
same reputation if it was a popular a platform (and therefore a target
of more virii.) now, you could go further, and say "if you emit streams
of wierd(*)
> > Well, Paul did advance a methodology - blackhole them all
>
> If Paul came up with a practical way to fix millions of compromised
> computers which didn't involve hiring entire second-world countries
> to talk grandma through the process, I think many people would be
> interested in talking
At 02:27 PM 4/19/2004, you wrote:
> >I can burn a CD from ISO in about 5 minutes - how about you?
> >I'm talking about XP users who haven't even updated as far as SP1.
> >Win98 users who have never run an update in their life...
> >Win2k users are usually the most patched up that I've seen - becaus
On Mon, 19 Apr 2004 09:10:32 EDT, "Dr. Jeffrey Race" said:
>
> On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
>
> > An uneducated
> >end user is not something you can fix with a service pack.
>
>
> A profound point, again highlighting the fact that there
> are no technical solutions t
On Sun, 18 Apr 2004 20:03:04 EDT, Sean Donelan said:
> For example if VIX.COM had SPF records for its domain, other people
> could check the SPF records and not send anti-virus bounce messages
> when mail didn't originate from VIX.COM SPF listed systems.
Yeah. They could.
Let me know when Beelz
On Mon, Apr 19, 2004 at 12:03:32PM -0700, Dan Hollis wrote:
>
> On Mon, 19 Apr 2004, Jeff Shultz, WIllamette Valley Internet wrote:
> > ** Reply to message from Drew Weaver <[EMAIL PROTECTED]> on Mon, 19 Apr 2004
> > 13:42:53 -0400
[...notification of the...]
> > > average home Dial-Up user
On Mon, 19 Apr 2004, Jeff Shultz, WIllamette Valley Internet wrote:
> ** Reply to message from Drew Weaver <[EMAIL PROTECTED]> on Mon,
> 19 Apr 2004 13:42:53 -0400
> > However, awhile ago we tried an idea of sending out E-Mail alerts to
> > our customers whenever a critical update of "Remote e
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
>
> >I can burn a CD from ISO in about 5 minutes - how about you?
> >I'm talking about XP users who haven't even updated as far as SP1.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of David Schwartz
> Sent: April 19, 2004 12:57 PM
> To: 'Dr. Jeffrey Race'
> Cc: [EMAIL PROTECTED]
> Subject: RE: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
TED]'" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
-Original Message-
From: "Jeff Shultz, WIllamette Valley Internet" <[EMAIL PROTECTED]>
Sent: Apr 19, 2004 1:39 PM
To: "'[EMAIL PROTE
** Reply to message from Drew Weaver <[EMAIL PROTECTED]> on Mon,
19 Apr 2004 13:42:53 -0400
> -- Jeff said --
>
>
> Patches either need to be of a size that a dialup user doesn't have to
> be dialed in for 24 hours to download and install them. Or .iso's
> should be available for ISP's to dow
>>
Patches either need to be of a size that a dialup user doesn't have to
be dialed in for 24 hours to download and install them. Or .iso's
should be available for ISP's to download, turn into CD's and
distribute as appropriate. Wouldn't that be nice for a dialup user -
getting Windows Update on
-- Jeff said --
Patches either need to be of a size that a dialup user doesn't have to
be dialed in for 24 hours to download and install them. Or .iso's
should be available for ISP's to download, turn into CD's and
distribute as appropriate. Wouldn't that be nice for a dialup user -
getting Wi
>Patches either need to be of a size that a dialup user doesn't have to
>be dialed in for 24 hours to download and install them. Or .iso's
>should be available for ISP's to download, turn into CD's and
>distribute as appropriate. Wouldn't that be nice for a dialup user -
>getting Windows Update o
> Firstly, who enforces it? The reason it "works" with cars is that
> the state
> (or province for those of us north of the border) effectively says "you
> can't drive a car without this lovely piece of paper/plastic that
> we'll give
> you" and "if we find you driving a car without the lovely pi
** Reply to message from Brian Russo <[EMAIL PROTECTED]> on Mon, 19 Apr
2004 10:51:18 -0400
> As far as mainstream users..
> * Software needs to patch itself, users aren't going to do it.
> * Software needs to be intuitive, people interact with computers as if
> they were doing 'real' things. Th
On Apr 19, 2004, at 4:10 AM, Michael Painter wrote:
First time user of the "net" in '87 when CompuServe announced it to
its denizens.
Thank [deity] for Micro$oft or we'd have to get a real job.
I hear this a lot and it is such BS. Does anyone here HONESTLY believe
the "computer revolution" was
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Dr. Jeffrey Race
> Sent: April 19, 2004 9:11 AM
> To: Jeffrey Race
> Cc: [EMAIL PROTECTED]
> Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
>
>
>
At Mon, Apr 19, 2004 at 11:22:17PM +1000, Gregh wrote:
> I would love to know the average age of the list inhabitants.
22
>
> It has been my observation that things which are new become better known
> when a generation has grown up, completely, with it and is teaching the next
> generation.
>
At Mon, Apr 19, 2004 at 08:22:48AM -0400, Chris Brenton wrote:
>
> Agreed. I think part of what makes 0-day easier to hide *is* the raw
> quantity of preventable exploits that are taking place. In many ways we
> have become numb to compromises so that the first response ends up being
> "format and
> >there's no choice at all, really.
>
> Are you suggesting to drop all traffic (which, if widespread would get
> attention) or just email?
at the moment i'm proposing just e-mail. but that's only because we should
already be rejecting udp/137 and udp/138 and udp/139 from outside our campuses
an
- Original Message -
From: "Dr. Jeffrey Race" <[EMAIL PROTECTED]>
To: "Jeffrey Race" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, April 19, 2004 11:10 PM
Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
>
&g
On Mon, 19 Apr 2004 06:12:16 -0400, Chris Brenton wrote:
> An uneducated
>end user is not something you can fix with a service pack.
A profound point, again highlighting the fact that there
are no technical solutions to this problem. (Though
technical measures to enhance traceability are a big
On Mon, 2004-04-19 at 06:27, Brian Russo wrote:
>
> There're a lot more 0-days than that.
Agreed. My ego has not grown so large as to think I've seen every 0-day.
;-) As I said however, the true number of 0-day is less than ground
noise compared to the number of systems that *could* have remained
At Mon, Apr 19, 2004 at 06:12:16AM -0400, Chris Brenton wrote:
>
> Key word here is "essentially". I've been involved with about a half
> dozen compromises that have been true zero days. Granted that's less
> than ground noise compared to what we are seeing today.
There're a lot more 0-days than
On Sun, 2004-04-18 at 23:16, Sean Donelan wrote:
>
> When the Morris worm was release, there wasn't a patch available. Since
> then essentially every compromised computer has been via a vulnerability
> with a patch available or misconfiguration (or usually lack of
> configuration).
Key word here
il 18, 2004 8:14 PM
Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
>
> On Mon, Apr 19, 2004 at 08:50:34AM +0300, Petri Helenius wrote:
> > > Let's face it -- this shouldn't have to be the ISP's problem.
> > > Microsoft needs to quit rushin
On Sun, 18 Apr 2004, Matt Hess wrote:
>
> # Do not allow Windows 9x SMTP connections since they are typically
> # a viral worm. Alternately we could limit these OSes to 1 connection each.
> block in on $ext_if proto tcp from any os {"Windows 95", "Windows 98"} \
>to any port smtp
>
> The
Henry Yen wrote:
> s/most profitable company/convicted (and continuing) OS\&browser
> monopolist/
Sadly the two are not incompatible it appears. If the "rewards" of breaking
the law were normally so good, then most of us would be down at the
localbank with a shotgun... actually, given the audienc
Paul Vixie wrote:
so, we know that a "broadband customer netblock" operator will not
handle complaints, will not fix the systems that are known to be
running third-hand malware, and that the only recourse against abuse
from those places is blackholing them one (ipv4) /32 at a time, or
blackholing
On Mon, Apr 19, 2004 at 08:50:34AM +0300, Petri Helenius wrote:
> > Let's face it -- this shouldn't have to be the ISP's problem.
> > Microsoft needs to quit rushing out new OS releases without properly
> > straining them and stress testing to find as many holes as they can.
> > They need to st
Brandon Shiers wrote:
Let's face it -- this shouldn't have to be the ISP's problem.
Microsoft needs to quit rushing out new OS releases without properly
straining them and stress testing to find as many holes as they can.
They need to start cracking down on themselves and really start
worrying
I think something like this would be best (safest?) used on collection
mx hosts.. hosts that clients would not connect with to send mail.. just
other servers delivering mail inward.. I personally can't imagine why
someone would want to use a win95/98/Me system as a mta.. so this
probably would
On Apr 18, 2004, at 11:40 PM, Matt Hess wrote:
I was amused at this and decided to look real quick.. OpenBSD's pf can
block on OS fingerprints.. effectively doing exactly what you are
kidding about (at least I'd hope so.. well, maybe) even in the man
page example they put:
# Do not allow Wind
Yes I was being mostly facetious. But as others pointed out-
Micro$not is as much to blame for the spam problem as Road Runner and
CommieCast with their extremely shoddy software. Open proxies, worms,
relays, spyware ad nauseum.
I was amused at this and decided to look real quick.. OpenBSD's p
I was amused at this and decided to look real quick.. OpenBSD's pf can
block on OS fingerprints.. effectively doing exactly what you are
kidding about (at least I'd hope so.. well, maybe) even in the man page
example they put:
# Do not allow Windows 9x SMTP connections since they are typically
On Sun, 18 Apr 2004 23:16:36 -0400 (EDT)
Sean Donelan <[EMAIL PROTECTED]> wrote:
Should ISPs start requiring their users to install Windows XP SP2?
IMHO:
Not if they want to stay in business. Our customer base is probably
80%Win 9x users. I can't speak for everybody else, but I would be
will
> Sean Donelan
> Should ISPs start requiring their users to install Windows XP SP2?
Most of those of us that work with m$ products on a daily basis are not
too hot about installing beta code in production. A week after m$
releases it, and after carefully listening to the volume of screams
coming
I haven't seen it mentioned yet but I believe that some may be looking
for something like the lists at: http://www.blackholes.us/ and if it has
been mentioned already I apologize for the duplicate.
Doug White wrote:
:
:
:
: Lou Katz wrote:
: >
: > On Sun, Apr 18, 2004 at 02:01:45PM -0400, J
On Sun, 18 Apr 2004, Doug White wrote:
> I likewise would like to see a better way - but changing the whole internet is
> completely illogical.
> Educating the masses is the same.
> As soon as I see a solution that will work, I will probably try to implement it
> on my system.
Abbot and Costello
:
: That's why I keep advocating better ways to identify the specific sources
: of the unwanted traffic, even if they change IP addresses. That way you
: could positively block the infected computers from not only mail but
: anything else you don't want to supply (no more GOOGLE/YAHOO/CNN for you
On Sun, 18 Apr 2004, Doug White wrote:
> Well, Paul did advance a methodology - blackhole them all
If Paul came up with a practical way to fix millions of compromised
computers which didn't involve hiring entire second-world countries
to talk grandma through the process, I think many people woul
:
:
:
: Lou Katz wrote:
: >
: > On Sun, Apr 18, 2004 at 02:01:45PM -0400, Jerry Eyers wrote:
: > >
: > > >Spamming is pervasive mainly due to the inattention or failure to
enforce
: > > >acceptable use policies by the service provider.
: > >
: > > I must point out that this statement is just fla
Lou Katz wrote:
>
> On Sun, Apr 18, 2004 at 02:01:45PM -0400, Jerry Eyers wrote:
> >
> > >Spamming is pervasive mainly due to the inattention or failure to enforce
> > >acceptable use policies by the service provider.
> >
> > I must point out that this statement is just flat wrong.
> >
> > Spam
> Be careful about the slice and dice effect. Depending on how you divide
> up the numbers you can make any thing come out on top. In some sense
> the problem is a lot worse. Its not just spam, worms, viruses. Its not
> just residential broadband users. Its not even just Microsoft Windows.
w
On Sun, 18 Apr 2004, Alex Bligh wrote:
> Whilst that may gave you some heuristic help, I'm not sure
> about the language. HINFO used that way neither /authenticates/
> the address (in any meaningful manner as the reverse DNS holder
> can put in whatever they like), nor does it /authenticate/ the
>
On Sun, 18 Apr 2004, Sean Donelan wrote:
> I suggested using something like HINFO in the in-addr.arpa address
> zones for service providers to give similar information about IP
> addresses. Yes, I know, using DNS for yet something else. LDAP or
> RWHOIS or any other global mechanism could be use
On Sun, 18 Apr 2004 14:01:45 -0400 (Eastern Daylight Time), Jerry Eyers wrote:
>>Spamming is pervasive mainly due to the inattention or failure to enforce
>
>>acceptable use policies by the service provider.
>
>I must point out that this statement is just flat wrong.
It's flat right. See docum
On 18 Apr 2004 06:13:35 +, Paul Vixie wrote:
>The new motto here is: "Blackhole 'em all and let market
forces sort 'em out."
Hooray.
May Comcast rot in hell. They are completely irresponsible.
Don't even send an auto-ignore message.
Jeffrey Race
On Sun, Apr 18, 2004 at 02:01:45PM -0400, Jerry Eyers wrote:
>
> >Spamming is pervasive mainly due to the inattention or failure to enforce
> >acceptable use policies by the service provider.
>
> I must point out that this statement is just flat wrong.
>
> Spamming exists because spamming wor
> Cost transference. The cost of Spam via postal mail is borne by the
sender.
> When sent via email, the cost is shouldered by the recipient.
It is not perfect comparation. For both, e-mail and post-mail, recipient
pays the same cost for sorting mail , mail box etc. But, for e-mail, sender
pays n
>Spamming is pervasive mainly due to the inattention or failure to enforce
>acceptable use policies by the service provider.
I must point out that this statement is just flat wrong.
Spamming exists because spamming works. Why do spammers send
out millions of emails? Because thousand
> Maybe a stupid question... But if broadband providers aren't going to do
> this, and considering there are way less legitimate SMTP senders than
> broadband users, wouldn't it make more sense to whitelist known real SMTP
> sources rather than blacklist all addresses that potentially have a fake
On 18-apr-04, at 16:55, Paul Vixie wrote:
we already know that the average broadband provider is not even aware
of their
role in the overall spam problem, and does not have the budget to
employ
anyone who could (a) become aware of an HINFO-like registry, (b) know
what
category their netblocks b
> > ... Margin pressure makes it impossible for most "broadband" service
> > providers to even catalogue known-defect customer systems or process
> > complaints about them.
>
> What is the estimated cost per subscriber of such an operation in your
> opinion and where should it be to make it feasib
> I suggested using something like HINFO in the in-addr.arpa address
> zones for service providers to give similar information about IP
> addresses. Yes, I know, using DNS for yet something else. LDAP or
> RWHOIS or any other global mechanism could be used.
more uses for dns is actually a good
--On 18 April 2004 02:56 -0400 Sean Donelan <[EMAIL PROTECTED]> wrote:
If you don't want to accept connections from indeterminate or
unauthenticated addresses, its your choice.
Whilst that may gave you some heuristic help, I'm not sure
about the language. HINFO used that way neither /authenticat
Paul Vixie wrote:
So-called "broadband" user populations (cable, dsl, fixed wireless, mobile
wireless) are full time connected, or nearly so. They are technically
unsophisticated, on average. The platforms they run trade convenience for
security, and must do so in order to remain competitive/rel
So-called "broadband" user populations (cable, dsl, fixed wireless, mobile
wireless) are full time connected, or nearly so. They are technically
unsophisticated, on average. The platforms they run trade convenience for
security, and must do so in order to remain competitive/relevant. Margin
pre
On Sun, 18 Apr 2004, Paul Vixie wrote:
> MAPS or SORBS or somebody needs to set up a "BBL" (broad band list) which is
> just a list of "broadband" customer netblocks, with no moral/value judgement
> expressed or implied. If it's complete and updated frequently, I'd pay for
> a feed because of all
[EMAIL PROTECTED] (John Curran) writes:
> ...
> This would suggest that spam is pervasive largely because of the large
> number of insecure systems available for origination (via port 25 :-),
> not because of providers failing to close barn doors after the fact...
I don't know why it's taken me s
At 9:42 PM -0500 4/17/04, Doug White wrote:
>
>Spamming is pervasive mainly due to the inattention or failure to enforce
>acceptable use policies by the service provider.
It's pervasive because its profitable. It's been profitable because even a few weeks
of a high-speed circuit can generate mil
:
: >Ok, you have eloquently described the problem, now, please be good enough to
: >give your solution
:
:
: There is no easy solution. That's why we still have problems with spam in
: postal mail, and that's been around for how many centuries? I'd go so far
: as to say there's no easy solution,
80 matches
Mail list logo
