Re: How do you stop outgoing spam?
Fortunately, our founding fathers also gave us not only the right, but the duty and the tools to take the treasonous out and dispose of them when they became a threat to the republic. That time is once again here. At 21:53 9/10/02 -0400, you wrote: Ya know Vadim, with all due respect, some people choose to live on their knees, one govt after another. You do know what happened to HUAC et al don't you? They got their butts thrown out of congress. Sen Joe McCarthy died a lonely, bitter, drunk. Meanwhile, civilization demands of us to use a govt or govt-like entity to run a legal system, not vigilantism.
Re: Drive-by spam hits wireless LANs
blitz wrote:
> And you think the terrestrial sources are hard to shut down
>
> Drive-by spam hits wireless LANs
> By Graeme Wearden
> Special to CNET News.com
> September 6, 2002, 10:14 AM PT
> http://news.com.com/2100-1033-956911.html
>
> LONDON--The proliferation of insecure corporate wireless networks is fueling the growth of drive-by spamming, a security expert warned on Thursday.

I must be honest, I haven't heard of any reports here in Sweden (or anywhere else) that this is a real problem, are there any true incidents that this has happened?

/J
Re: Drive-by spam hits wireless LANs
Neil J. McRae wrote:
>> I must be honest, I haven't heard of any reports here in Sweden (or anywhere else) that this is a real problem, are there any true incidents that this has happened?
>
> Yes. If you sit with your laptop in the park across from our office you can see 3 unprotected wireless domains. There was an article [although I can't remember what publication] featuring a few people driving through the City of London [London's financial community area] they found several unprotected LANs.
>
> Regards,
> Neil.

Just cause there are unprotected WLANs doesn't imply that spammers use them (perhaps it's too hard for the spammers ;)). Corporations should protect their WLANs but saying that spamming is a great threat is to overdo it.

Regards
John
Re: Drive-by spam hits wireless LANs
> Just cause there are unprotected WLANs doesn't imply that spammers use them (perhaps it's too hard for the spammers ;)). Corporations should protect their WLANs but saying that spamming is a great threat is to overdo it.

I agree, but people said that the spammers wouldn't be able to deal with BGP route advertisement but there were cases of spammers injecting routes sending out spam then removing those routes. Wlan is easy.

Neil.
--
Neil J. McRae - Alive and Kicking
[EMAIL PROTECTED]
Re: Drive-by spam hits wireless LANs
Neil J. McRae wrote:
>> Just cause there are unprotected WLANs doesn't imply that spammers use them (perhaps it's too hard for the spammers ;)). Corporations should protect their WLANs but saying that spamming is a great threat is to overdo it.
>
> I agree, but people said that the spammers wouldn't be able to deal with BGP route advertisement but there were cases of spammers injecting routes sending out spam then removing those routes. Wlan is easy.
>
> Neil.

Yes you are right, but I think that the article on news.com doesn't contain any valuable information but is just there to scare ppl. It isn't so hard to make admins secure the open hotspots, the problem is how to handle ppl who buy hour access at a café. (IMHO)

/John
Re: Drive-by spam hits wireless LANs
On Wed, Sep 11, 2002 at 12:45:23PM +0200, John Angelmo wrote:
> Just cause there are unprotected WLANs doesn't imply that spammers use them (perhaps it's too hard for the spammers ;)). Corporations should protect their WLANs but saying that spamming is a great threat is to overdo it.

To some extent. Imagine a few of the following scenarios:

1) You work for an ISP and have access through them. One large enough that they apply their AUP to their own people. You have ISDN/DSL or some other connection w/ reverse-dns for your personal domain @ home. Someone drives by your place, finds your unprotected lan, sends spam, hacks, etc.. complaints come in, you lose job because you were a spammer and your employer needs to stop, etc.

2) You are a small company, someone does this, and you get blacklisted as a spamhaus. you are unable to get internet access.

3) you have a cable modem as your only high-speed connectivity. you have one of the linksys/whatever nat+802.11a/b boxen. you get used, you get blacklisted and can not get high-speed pr0n again.

While these seem like minor annoyances in some cases, they can be quite dramatic to the person on the receiving end.

I wish the wireless vendors would use a somewhat more intelligent approach and turn WEP on by default when shipping their units and at the cost of a few cents more they can print a sticker on the box that can be removed later that has the unique WEP key for that unit. Similar to the way when you go to the hardware store you can play match-up to get the same key for multiple locks.

- Jared

--
Jared Mauch | pgp key available via finger from [EMAIL PROTECTED]
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: Drive-by spam hits wireless LANs
> I agree, but people said that the spammers wouldn't be able to deal with BGP route advertisement but there were cases of spammers injecting routes sending out spam then removing those routes. Wlan is easy.

Spammers come from every walk of life including the various technical professions. Otherwise where would all the spamming software and web-scraping software come from!? Just because someone is a technical expert in BGP routing doesn't mean that they will use their skills the way that many NANOG attendees would like them to.

Even in the early days of spam, the green-card spammers hired a technical person to set up servers and write spamming scripts. And let's not forget the uber-hackers who create the scripts used so effectively by script-kiddies.

And let's not forget, these spammer geeks learn the knowledge from the same places as everyone else, including the NANOG mailing list. I reckon there is a 99.95% probability that there is at least one NANOG subscriber who is currently an active spammer geek. So if WLANs were relatively safe yesterday, they won't be safe from now on.

Of course, if spammers are reduced to driving around major cities in vans generating 802.11b radio traffic, it might be a lot easier to catch them...

--Michael Dillon
DNS/Routing advice
Everyone,

I have a customer that is multihomed, to a public ISP and to another large network that uses 10.0.0.0 address space. The private address space also has services available via public address space and consequently is running a split DNS service, public and private. Because of firewalls and the placement of DNS servers this customer has a nasty routing situation and in order to make DNS work for the private numbers, has spoofed the domain of the private network.

My question is this: are there any documents or RFCs that outline what is an acceptable practice for running DNS and what is not? Their kluge of a network causes continuous problems for both the upstream ISP and the private network to which they are connecting and we may find ourselves in a situation where we have to say that 'xyz' is an acceptable way of operating and 'abc' is not. Any advice is appreciated. Thanks!

Dan Lockwood
Re: How do you stop outgoing spam?
At 10:16 AM -0700 2002/09/10, Dave Crocker wrote:
> Laptop mobile users cannot use their home SMTP server.

Depends on the configuration of the SMTP server and the mail server client running on the laptop. With SMTPAUTH and/or TLSSMTP, and using a different (unfiltered) port, this shouldn't be a problem.

> In other words, by blocking output SMTP, mobile users are hurt badly.

Can be. Yup. Think of all the iPass and GRiC customers who don't even know who the local provider is that they're dialing up, so that they can get a network connection?

> I know that *I* certainly am. Constantly and seriously.

I'm very sorry to hear this. Maybe we can help you get SMTPAUTH and/or TLSSMTP set up on your server and/or client?

--
Brad Knowles, [EMAIL PROTECTED]
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin, Historical Review of Pennsylvania.
Re: How do you stop outgoing spam?
At 2:37 PM -0400 2002/09/10, Barry Shein wrote:
> A) Make a clear policy as part of the terms & conditions, including a significant clean-up fee + direct charges (e.g., if they ask you or prompt a legal question they can pay the legal fee for you to get it answered.)

That's nice to have, but hard to enforce. That is, unless you ask for a large up-front cash deposit.

> B) KNOW WHO THE HELL YOU'RE GIVING ACCOUNTS TO so that (A) works. Get a credit card or verify the phone number and other info (e.g., call them back, insist on calling them back.)

Do you know how many credit cards are out there? Do you know how many of them are fake or stolen? You can't even get a decent charge that you can reliably apply to them, because the bank at the other end will refuse payment from a non-existent or closed account.

> C) Use (B) to enforce (A).

Doesn't work. See above.

> The problem in 99% of the cases is either (B) or ISPs who just don't care at all.

CyberCafe's can't use (B), even if it did work. That would violate their basic premise.

--
Brad Knowles, [EMAIL PROTECTED]
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin, Historical Review of Pennsylvania.
Re: How do you stop outgoing spam?
Brad Knowles wrote:
>> B) KNOW WHO THE HELL YOU'RE GIVING ACCOUNTS TO so that (A) works. Get a credit card or verify the phone number and other info (e.g., call them back, insist on calling them back.)
>
> Do you know how many credit cards are out there? Do you know how many of them are fake or stolen? You can't even get a decent charge that you can reliably apply to them, because the bank at the other end will refuse payment from a non-existent or closed account.

Then do what hotels do to avoid this problem.

When you are given the card number and info, you contact the bank and put a hold on the account for the expected amount of the bill. When the bill actually comes due, you put the charge through. You know that the charge will succeed because the bank is already holding that amount.

If the card is stolen, bogus, overdrawn, etc., then you won't be able to place the hold. In which case, you reject the application.

> CyberCafe's can't use (B), even if it did work. That would violate their basic premise.

What basic premise? Free anonymous access? That's new to me. Every one I've seen charges for access. They can easily require charge cards in advance, and place holds on them, in order to identify stolen cards and criminal users. And once a known-valid card is in hand, it can be used to directly impose penalty charges on those that violate the cafe's AUP (which should exist and have no-spamming/no-hacking clauses.)

If customers don't want to use charge cards, they can require a large cash deposit up-front, just like the video rental stores do if you try to get a membership without a charge card.

-- David
RE: Drive-by spam hits wireless LANs
I believe the question was use of the access to spam, not just that the majority of users leave their equipment (all, not just the wireless part) in the original, out-of-the-box configuration. Remember those comments on the flashing 12:00 on most VCRs?

BTW, everyone out there with a random number/character upper/lower case password at least 12 characters long on every piece of equipment they own, different username/password on each piece please, raise your hand.

Thought so. ;)

Note my hand is not raised. I'd go nuts. Although the appropriate pieces do conform to this.

Best regards,
_
Alan Rowland

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Neil J. McRae
Sent: Wednesday, September 11, 2002 3:37 AM
To: John Angelmo
Cc: blitz; [EMAIL PROTECTED]
Subject: Re: Drive-by spam hits wireless LANs

> I must be honest, I haven't heard of any reports here in Sweden (or anywhere else) that this is a real problem, are there any true incidents that this has happened?

Yes. If you sit with your laptop in the park across from our office you can see 3 unprotected wireless domains. There was an article [although I can't remember what publication] featuring a few people driving through the City of London [London's financial community area] they found several unprotected LANs.

Regards,
Neil.
--
Neil J. McRae - Alive and Kicking
[EMAIL PROTECTED]
Re: Drive-by spam hits wireless LANs
Jared Mauch wrote:
> Imagine a few of the following scenarios:
>
> 1) You work for an ISP and have access through them. One large enough that they apply their AUP to their own people. You have ISDN/DSL or some other connection w/ reverse-dns for your personal domain @ home. Someone drives by your place, finds your unprotected lan, sends spam, hacks, etc.. complaints come in, you lose job because you were a spammer and your employer needs to stop, etc.
>
> 2) You are a small company, someone does this, and you get blacklisted as a spamhaus. you are unable to get internet access.
>
> 3) you have a cable modem as your only high-speed connectivity. you have one of the linksys/whatever nat+802.11a/b boxen. you get used, you get blacklisted and can not get high-speed pr0n again.
>
> While these seem like minor annoyances in some cases, they can be quite dramatic to the person on the receiving end.
>
> I wish the wireless vendors would use a somewhat more intelligent approach and turn WEP on by default when shipping their units and at the cost of a few cents more they can print a sticker on the box that can be removed later that has the unique WEP key for that unit. Similar to the way when you go to the hardware store you can play match-up to get the same key for multiple locks.

Hi

In some way you are right, but still I think it's even worse to use WEP cause then the admins might think it's safe, it takes about 15 minutes to crack a wepkey, so instead of drive-by spamming you could call it drive-by, have a bagel, start spamming.

The most hardware/software independent solution I have seen so far is the use of VPN, simply place the WLAN outside your own LAN.

/John
RE: Drive-by spam hits wireless LANs
The cost of enabling/labeling may be only a 'few cents more' but the cost of support when Joe Sixpack forgets his key/loses the label is another story altogether. There's a reason most equipment, not just wireless, is delivered in 'chimp simple' configuration...

Best regards,
_
Alan Rowland

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jared Mauch
Sent: Wednesday, September 11, 2002 5:01 AM
To: John Angelmo
Cc: Neil J. McRae; blitz; [EMAIL PROTECTED]
Subject: Re: Drive-by spam hits wireless LANs

On Wed, Sep 11, 2002 at 12:45:23PM +0200, John Angelmo wrote:
> Just cause there are unprotected WLANs doesn't imply that spammers use them (perhaps it's too hard for the spammers ;)). Corporations should protect their WLANs but saying that spamming is a great threat is to overdo it.

To some extent. Imagine a few of the following scenarios:

1) You work for an ISP and have access through them. One large enough that they apply their AUP to their own people. You have ISDN/DSL or some other connection w/ reverse-dns for your personal domain @ home. Someone drives by your place, finds your unprotected lan, sends spam, hacks, etc.. complaints come in, you lose job because you were a spammer and your employer needs to stop, etc.

2) You are a small company, someone does this, and you get blacklisted as a spamhaus. you are unable to get internet access.

3) you have a cable modem as your only high-speed connectivity. you have one of the linksys/whatever nat+802.11a/b boxen. you get used, you get blacklisted and can not get high-speed pr0n again.

While these seem like minor annoyances in some cases, they can be quite dramatic to the person on the receiving end.

I wish the wireless vendors would use a somewhat more intelligent approach and turn WEP on by default when shipping their units and at the cost of a few cents more they can print a sticker on the box that can be removed later that has the unique WEP key for that unit. Similar to the way when you go to the hardware store you can play match-up to get the same key for multiple locks.

- Jared

--
Jared Mauch | pgp key available via finger from [EMAIL PROTECTED]
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: Drive-by spam hits wireless LANs
On Wed, Sep 11, 2002 at 07:08:53PM +0200, John Angelmo wrote:
> Jared Mauch wrote:
>
> In some way you are right, but still I think it's even worse to use WEP cause then the admins might think it's safe, it takes about 15 minutes to crack a wepkey, so instead of drive-by spamming you could call it drive-by, have a bagel, start spamming.

I'm not trying to fix the underlying wireless encryption option just provide a simple way that the manufacturers can ship a 'more secure' out-of-the-box-product.

> The most hardware/software independent solution I have seen so far is the use of VPN, simply place the WLAN outside your own LAN.

Absolutely. There are a lot of things one can do:

1) enable wep
2) rotate wep keys
3) authenticate by mac-address
4) restrict dhcp to known mac-addresses
5) force utilization of vpn/ipsec client

Obviously not all of these solutions are available in all cases, but in a home or small lan-environment a subset of these will increase security (even if it's reinforcing the screen door with 1/16 of balsa wood)

- jared

--
Jared Mauch | pgp key available via finger from [EMAIL PROTECTED]
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: Drive-by spam hits wireless LANs
This is what console ports / direct cable connects to a mgmt port (usb or whatnot) are useful for. As well as an overall 'clear config' button on the unit.

Now if someone can help me figure out the unlock code for the microwave in the house i bought so i can stop unplugging it, let me know :)

- jared

On Wed, Sep 11, 2002 at 10:11:12AM -0700, Al Rowland wrote:
> The cost of enabling/labeling may be only a 'few cents more' but the cost of support when Joe Sixpack forgets his key/loses the label is another story altogether. There's a reason most equipment, not just wireless, is delivered in 'chimp simple' configuration...
Re: Drive-by spam hits wireless LANs
> In some way you are right, but still I think it's even worse to use WEP cause then the admins might think it's safe, it takes about 15 minutes to crack a wepkey, so instead of drive-by spamming you could call it drive-by, have a bagel, start spamming.

WEP != security, true.

> The most hardware/software independent solution I have seen so far is the use of VPN, simply place the WLAN outside your own LAN.

This would prevent drive-by spamming if combined with a filtering policy that makes the wireless LAN useful only for (authenticated) VPN access and the minimal amount of glue (DHCP, DNS to a specific resolver) required to make the VPN work.

If the wireless LAN has access to any host you don't control directly, the risk of there being a conduit to access the wireless LAN in ways that you don't intend goes up.

Stephen
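The filtering policy described in the message above, as an added example that is not part of the original thread: a default-deny check for flows leaving the wireless segment, run over constructed flow records. It assumes an IPsec VPN (IKE on UDP 500/4500 plus ESP); all addresses and the `Flow` record layout are constructed for illustration.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

# Constructed addresses (documentation ranges); substitute your own.
WLAN_NET = ipaddress.ip_network("192.168.50.0/24")   # wireless segment, outside the LAN
DHCP_SERVER = ipaddress.ip_address("192.168.50.1")   # DHCP glue
RESOLVER = ipaddress.ip_address("192.0.2.53")        # the one permitted resolver
VPN_GATEWAY = ipaddress.ip_address("192.0.2.10")     # assumed IPsec gateway
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")
BROADCAST = ipaddress.ip_address("255.255.255.255")


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "esp"
    dport: int   # 0 for protocols without ports


def decide(flow):
    """Return (verdict, reason) for one flow arriving from the wireless side."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    key = (flow.proto, flow.dport)

    # DHCP is handled first: a client has no address yet when it starts.
    if key == ("udp", 67):
        if src == UNSPECIFIED and dst == BROADCAST:
            return "permit", "dhcp-discover"
        if src in WLAN_NET and dst in (DHCP_SERVER, BROADCAST):
            return "permit", "dhcp-renew"
        return "deny", "dhcp-unexpected"

    # Anything else must carry a source address from the wireless range.
    if src not in WLAN_NET:
        return "deny", "source-outside-wlan"

    # DNS only to the specific resolver, so port 53 is not a general conduit.
    if key in (("udp", 53), ("tcp", 53)):
        if dst == RESOLVER:
            return "permit", "dns"
        return "deny", "dns-other-resolver"

    # VPN traffic only to the gateway you control.
    if key in (("udp", 500), ("udp", 4500), ("esp", 0)):
        if dst == VPN_GATEWAY:
            return "permit", "vpn"
        return "deny", "vpn-other-peer"

    # Direct SMTP gets its own reason so it can be counted per client.
    if key == ("tcp", 25):
        return "deny", "smtp-direct"
    return "deny", "not-in-policy"


def audit(flows):
    """Return (denied flows with reasons, direct-SMTP attempt count per source)."""
    denied = []
    smtp_by_src = Counter()
    for flow in flows:
        verdict, reason = decide(flow)
        if verdict == "deny":
            denied.append((flow, reason))
            if reason == "smtp-direct":
                smtp_by_src[flow.src] += 1
    return denied, smtp_by_src


# Constructed sample flows: one well-behaved VPN client and one client
# trying to reach the Internet directly from the wireless segment.
SAMPLE_FLOWS = [
    Flow("0.0.0.0", "255.255.255.255", "udp", 67),
    Flow("192.168.50.23", "192.0.2.53", "udp", 53),
    Flow("192.168.50.23", "192.0.2.10", "udp", 500),
    Flow("192.168.50.23", "192.0.2.10", "esp", 0),
    Flow("192.168.50.77", "198.51.100.8", "udp", 53),
    Flow("192.168.50.77", "203.0.113.25", "tcp", 25),
    Flow("192.168.50.77", "203.0.113.26", "tcp", 25),
    Flow("192.168.50.77", "198.51.100.9", "udp", 500),
    Flow("10.1.2.3", "192.0.2.53", "udp", 53),
    Flow("192.168.50.23", "198.51.100.80", "tcp", 80),
]

if __name__ == "__main__":
    denied, smtp_by_src = audit(SAMPLE_FLOWS)
    for flow, reason in denied:
        print(f"DENY {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}: {reason}")
    for src, count in smtp_by_src.items():
        print(f"{src}: {count} direct SMTP attempts")
```

The per-source SMTP count is the signal worth alerting on: a client on this segment has no reason to speak SMTP to anything except through the VPN.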
Cogent public looking glass?
hi, Does anybody know of the existence of a public looking glass or traceroute server for Cogent Communications? I used to have my hands on a Netrail (AS4006) looking glass, but this seems to be gone now. thanks, regards, Vincent Rais peering coordinator Versatel Telecom Europe B.V. m.(+34) 68 705 9117 (Spain) e. [EMAIL PROTECTED], [EMAIL PROTECTED]
RE: Drive-by spam hits wireless LANs
Wanna bet if Joe Sixpack bothers to re-enable anything he doesn't have to after his first use of the clear config button/power cycle? This also breaks physical security. Find the power panel on the house (accessible by fire code) cycle the power, hack into the now open system... Hey, that's just as plausible as most of the other scenarios in this thread. :O

That's why my Linksys maintains its state through a power cycle. One of the reasons I specifically selected it.

As far as the microwave, RTFM. Oh, wait, if it's not a new house the original Joe Sixpack typical I don't need no stupid manual 'Merican likely threw them away. Might try the manufacturer's web site. Many include PDF manual files and maybe even a Customer Support page. Apologies if you've already been there.

Best regards,
_
Alan Rowland

-----Original Message-----
From: Jared Mauch [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 10:16 AM
To: Al Rowland
Cc: [EMAIL PROTECTED]
Subject: Re: Drive-by spam hits wireless LANs

This is what console ports / direct cable connects to a mgmt port (usb or whatnot) are useful for. As well as an overall 'clear config' button on the unit.

Now if someone can help me figure out the unlock code for the microwave in the house i bought so i can stop unplugging it, let me know :)

- jared

On Wed, Sep 11, 2002 at 10:11:12AM -0700, Al Rowland wrote:
> The cost of enabling/labeling may be only a 'few cents more' but the cost of support when Joe Sixpack forgets his key/loses the label is another story altogether. There's a reason most equipment, not just wireless, is delivered in 'chimp simple' configuration...
Re: Drive-by spam hits wireless LANs
* [EMAIL PROTECTED] (Al Rowland) [Wed 11 Sep 2002, 19:13 CEST]:
> The cost of enabling/labeling may be only a 'few cents more' but the cost of support when Joe Sixpack forgets his key/loses the label is another story altogether. There's a reason most equipment, not just wireless, is delivered in 'chimp simple' configuration...

Lucent access points - at least, the residential gateways - actually come with WEP enabled by default.

(Not that it's beyond trivial to guess the key, though)

Regards,

-- Niels.

--
Patient is Latin for sufferer.
Re: Cogent public looking glass?
On Wed, 11 Sep 2002, Vincent Rais wrote: hi, Does anybody know of the existence of a public looking glass or traceroute server for Cogent Communications? I used to have my hands on a Netrail (AS4006) looking glass, but this seems to be gone now. Try www.traceroute.org /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell Asking the wrong questions is the leading cause of wrong answers \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Re: Drive-by spam hits wireless LANs
On Wed, 11 Sep 2002, Jared Mauch wrote:
> There are a lot of things one can do:
>
> 1) enable wep
> 2) rotate wep keys
> 3) authenticate by mac-address
> 4) restrict dhcp to known mac-addresses
> 5) force utilization of vpn/ipsec client

Suddenly laying down UTP doesn't seem so bad anymore...

> Obviously not all of these solutions are available in all cases, but in a home or small lan-environment a subset of these will increase security (even if it's reinforcing the screen door with 1/16 of balsa wood)

You can forget rotating WEP keys on anything that isn't four times as expensive as what most people have at home. Authentication by MAC address doesn't buy you anything since someone else can borrow the MAC address.

Does anyone have experience with using asymmetric WEP keys? (= key 1 for AP - client and key 2 for client - AP.) I'm thinking about doing this so I can at least obscure my upstream traffic even if the downstream WEP key is public knowledge. Obviously this isn't anything near safe, but this way I'd risk the inconvenience of someone stealing my HTTP cookies or passwords and messing up my settings for some non-essential web services. (Anything even remotely sensitive will run over SSH or SSL of course.)
Re: How do you stop outgoing spam?
On Wed, 11 Sep 2002, Brad Knowles wrote: B) KNOW WHO THE HELL YOU'RE GIVING ACCOUNTS TO so that (A) works. Get a credit card or verify the phone number and other info (e.g., call them back, insist on calling them back.) C) Use (B) to enforce (A). Doesn't work. See above. Back in the day, a reasonable BBS would voice-validate all new users. This meant getting a valid phone number from a new user, and actually calling them back at that number, before activating an account. We started as a BBS giving out Unix shell accounts. Our new user registration screen still says we voice-validate all new accounts, and we do. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Drive-by spam hits wireless LANs
{WEP != encryption... thread} As it happens, I'm looking at a consumer 802.11 product that will have real encryption. It should be released Real Soon Now I'll be happy to say more when that happens.. -- A host is a host from coast to [EMAIL PROTECTED] no one will talk to a host that's close[v].(301) 56-LINUX Unless the host (that isn't close).pob 1433 is busy, hung or dead20915-1433
Re: DNS/Routing advice
Dan Lockwood wrote: Everyone, I have a customer that is multihomed, to a public ISP and to another large network that uses 10.0.0.0 address space. The private address space also has services available via public address space and consequently is running a split DNS service, public and private. Because of firewalls and the placement of DNS servers this customer has a nasty routing situation and in order to make DNS work for the private numbers, has spoofed the domain of the private network. My question is this: are there any documents or RFCs that outline what is an acceptable practice for running DNS and what is not? Their kluge of a network causes continuous problems for both the upstream ISP and the private network to which they are connecting and we may find ourselves in a situation where we have to say that 'xyz' is an acceptable way of operating and 'abc' is not. Any advice is appreciated. Thanks! As you have probably realized, shooting yourself in the foot does hurt. Unfortunately not all textbooks warn about it but recommend doing large implementations of 1918 space. I would change the services to be dual-addressed, with both public and private addresses, it should fix most issues that bother users with real addresses. The ones on 10/8 addresses are supposed to experience degraded accessibility, so it's a feature there. In any case, the policy is that you're not supposed to leak anything on the headers nor the payload that contains 1918 addresses. In practice it does not work that way. (unfortunately) Pete
Re: Drive-by spam hits wireless LANs
* [EMAIL PROTECTED] (David Lesher) [Wed 11 Sep 2002, 20:38 CEST]: As it happens, I'm looking at a consumer 802.11 product that will have real encryption. It should be released Real Soon Now I'll be happy to say more when that happens.. No Wires Needed is among the companies working on bringing some real crypto to wireless networking (no idea if you meant them specifically), but I have no idea whether their work will be open-standards based. Regards, -- Niels. -- Patient is Latin for sufferer.
OT: National Moment of Silence
Doug, The only drop in 'traffic' I've ever noticed was in my former life in the military. Retreat policy on base was that traffic pulled to the side of the road and the driver got out, faced the music and rendered the appropriate salute through the end of the anthem. Since this occurred at a regularly scheduled time one indication of its approach was a noticeable drop in traffic preceding retreat. Sad commentary on our allegiance at the time. Best regards, _ Alan Rowland -Original Message- From: Doug Hughes [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 11, 2002 11:39 AM To: Al Rowland Cc: [EMAIL PROTECTED] Subject: RE: National Moment of Silence On Mon, 9 Sep 2002, Al Rowland wrote: I would think there might be a few folk streaming live feeds during this period. Might even result in a higher traffic load leading up to and through the relevant period. Some traffic may also be queued and continue to flow unless SAs worldwide do a bunch of scripting to suspend all processes during this period. A live feed of a national moment of silence consuming traffic. Does anybody but me find this amusingly ironic? :) (I know it's the stuff pre and post silence that the live feeds would be interested in, but still!)
Re: Vulnerbilities of Interconnection
On fredag, sep 6, 2002, at 21:57 Europe/Stockholm, Tim Thorne wrote:
> OK, what if 60 Hudson, 25 Broadway, LinX and AmsIX were all put out of commission?

To some extent - nothing for the above...if designed right. The major networks should have designed their networks to route around this. If not - they have done a poor job. For others, the exchange points should be a way merely to off-load their transit connections.

However - there is a point in what you are saying, from a national point of view - the exchange points should independently take care of traffic in the case a nation is isolated. But I don't think any of the above are designed for that in the first place...

- kurtis -
Re: How do you stop outgoing spam?
And locking your car, taking the keys, setting the alarm or whatever doesn't guarantee someone won't load it into a soundproof truck.

BUT IT HELPS!

And having run an ISP for 13 years now I'm here to tell you what I say HELPS. I'm not just making this stuff up, I'm telling you what I know from experience. Spammers et al look for easy marks they don't have to compound their crimes with.

As to CyberCafes, I don't know anything about those, never used one, never thought about it, surprised they'd be popular with spammers.

-b

On September 11, 2002 at 14:12 [EMAIL PROTECTED] (Brad Knowles) wrote:
> At 2:37 PM -0400 2002/09/10, Barry Shein wrote:
>
>> A) Make a clear policy as part of the terms & conditions, including a significant clean-up fee + direct charges (e.g., if they ask you or prompt a legal question they can pay the legal fee for you to get it answered.)
>
> That's nice to have, but hard to enforce. That is, unless you ask for a large up-front cash deposit.
>
>> B) KNOW WHO THE HELL YOU'RE GIVING ACCOUNTS TO so that (A) works. Get a credit card or verify the phone number and other info (e.g., call them back, insist on calling them back.)
>
> Do you know how many credit cards are out there? Do you know how many of them are fake or stolen? You can't even get a decent charge that you can reliably apply to them, because the bank at the other end will refuse payment from a non-existent or closed account.
>
>> C) Use (B) to enforce (A).
>
> Doesn't work. See above.
>
>> The problem in 99% of the cases is either (B) or ISPs who just don't care at all.
>
> CyberCafe's can't use (B), even if it did work. That would violate their basic premise.
>
> --
> Brad Knowles, [EMAIL PROTECTED]
> They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin, Historical Review of Pennsylvania.

--
-Barry Shein
Software Tool & Die | [EMAIL PROTECTED] | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
Re: Drive-by spam hits wireless LANs
Getting your entire corporate LAN dumped into the RBL mess could be devastating, how much productivity lost? How much time wasted getting OFF the RBL? How many contacts missed, correspondences missed? You could be getting into a very rough ride for some days to some weeks, as the block information propagates down the food chain, then as the un-block does likewise. It's just better to take the defensive and encrypt in the first place. Agreed, for cyber-squatter places like coffee shops and airports, this could be a pain.

At 08:01 9/11/02 -0400, you wrote:
> On Wed, Sep 11, 2002 at 12:45:23PM +0200, John Angelmo wrote:
>> Just cause there are unprotected WLANs doesn't imply that spammers use them (perhaps it's too hard for the spammers ;)). Corporations should protect their WLANs but saying that spamming is a great threat is to overdo it.
>
> To some extent. Imagine a few of the following scenarios:
>
> 1) You work for an ISP and have access through them. One large enough that they apply their AUP to their own people. You have ISDN/DSL or some other connection w/ reverse-dns for your personal domain @ home. Someone drives by your place, finds your unprotected lan, sends spam, hacks, etc.. complaints come in, you lose job because you were a spammer and your employer needs to stop, etc.
>
> 2) You are a small company, someone does this, and you get blacklisted as a spamhaus. you are unable to get internet access.
>
> 3) you have a cable modem as your only high-speed connectivity. you have one of the linksys/whatever nat+802.11a/b boxen. you get used, you get blacklisted and can not get high-speed pr0n again.
Re: How do you stop outgoing spam?
On Wed, 11 Sep 2002, David Charlap wrote:

Brad Knowles wrote:

B) KNOW WHO THE HELL YOU'RE GIVING ACCOUNTS TO so that (A) works. Get a credit card or verify the phone number and other info (e.g., call them back, insist on calling them back.)

Do you know how many credit cards are out there? Do you know how many of them are fake or stolen? You can't even get a decent charge that you can reliably apply to them, because the bank at the other end will refuse payment from a non-existent or closed account.

Then do what hotels do to avoid this problem. When you are given the card number and info, you contact the bank and put a hold on the account for the expected amount of the bill. When the bill actually comes due, you put the charge through. You know that the charge will succeed because the bank is already holding that amount. If the card is stolen, bogus, overdrawn, etc., then you won't be able to place the hold. In which case, you reject the application.

This actually uses the standard mechanism for credit card transactions, I forget the proper terms but basically what happens is that you apply the charges at point of sale but then the settlement is actually authorised later on in the day, or in the case of not needing payment the charge is revoked. You don't normally notice this in day to day shopping..

The problems are that you need to put an amount through and that will be taken off the card holder's credit limit so how much do you want to take? Too little and you've not really secured any cash, too much and you could reduce their available balance too greatly and cause them issues (they overspend!)

But ok, your real point is that if the card isn't valid you will get a rejection there and then. But there's a catch to this also in that a lot of credit card fraud these days is done on valid numbers. This occurs quite simply as a result of going in a shop, giving someone your card and they either keep a copy of the number or where they don't get access to the systems can use hand held copiers to read the info off and upload later. These people then pass these perfectly legitimate numbers on..

Steve

CyberCafe's can't use (B), even if it did work. That would violate their basic premise.

What basic premise? Free anonymous access? That's new to me. Every one I've seen charges for access. They can easily require charge cards in advance, and place holds on them, in order to identify stolen cards and criminal users. And once a known-valid card is in hand, it can be used to directly impose penalty charges on those that violate the cafe's AUP (which should exist and have no-spamming/no-hacking clauses.) If customers don't want to use charge cards, they can require a large cash deposit up-front, just like the video rental stores do if you try to get a membership without a charge card.

-- David
RE: Cogent public looking glass?
ehm... maybe asking the wrong question then: If traceroute.org (the first place you look, right?) doesn't have a public looking glass for Cogent Communications, perhaps someone knows where I may find one?

thanks again,
Vince

-Original Message-
From: Patrick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 7:40 PM
To: Vincent Rais
CC: NANOG mailing list
Subject: Re: Cogent public looking glass?

On Wed, 11 Sep 2002, Vincent Rais wrote:

hi, Does anybody know of the existence of a public looking glass or traceroute server for Cogent Communications? I used to have my hands on a Netrail (AS4006) looking glass, but this seems to be gone now.

Try www.traceroute.org

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell
Asking the wrong questions is the leading cause of wrong answers
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Re: DNS/Routing advice
Hello...

Dan Lockwood wrote:

Everyone, I have a customer that is multihomed, to a public ISP and to another large network that uses 10.0.0.0 address space. The private address

The other large network is, IMHO, broken for doing this. The address space is no longer 'private'.

space also has services available via public address space and consequently is running a split DNS service, public and private. Because of firewalls and the placement of DNS servers this customer has a nasty routing situation and in order to make DNS work for the private numbers, has spoofed the domain of the private network. My question is

Have you thought about DNS 'forwarding' ? something like this in your DNS server:

    zone broken.company {
        type forward;
        forwarders {
            10.0.0.1;
            10.0.0.2;
            // first using private address space publicly
            // then not even putting DNS on separate networks
            // lamers
        };
    };

instead of running their zone locally?

this: are there any documents or RFCs that outline what is an acceptable practice for running DNS and what is not? Their kluge of a network

IMHO, this is a broken network issue not really a DNS issue.

causes continuous problems for both the upstream ISP and the private network to which they are connecting and we may find ourselves in a situation where we have to say that 'xyz' is an acceptable way of operating and 'abc' is not. Any advice is appreciated. Thanks! Dan Lockwood

And please don't post in HTML.

--
Christopher McCrory
The guy that keeps the servers running
[EMAIL PROTECTED] http://www.pricegrabber.com
Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works.
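The forward-zone suggestion in the reply above, written out in full as an added example (it is not part of the original post or of any poster's configuration). The zone name and forwarder addresses are the ones used in the post; the `forward only;` statement and the reverse zone are assumptions added here.

```conf
// named.conf fragment for the multihomed customer's resolver (added example).
// Zone name and forwarder addresses are the ones used in the post above.

// As posted: no "forward" statement, so BIND's default "forward first"
// applies. If both forwarders time out, named falls back to normal
// iterative resolution. On a split-DNS domain that returns the public
// view's answers (or none), so results change with forwarder reachability.
//
// zone "broken.company" {
//     type forward;
//     forwarders { 10.0.0.1; 10.0.0.2; };
// };

// Tightened: "forward only" makes the lookup fail when the forwarders are
// unreachable instead of sending the query out through the public ISP.
zone "broken.company" {
    type forward;
    forward only;
    forwarders { 10.0.0.1; 10.0.0.2; };
};

// Assumption: the customer also needs PTR lookups for the 10.0.0.0 space.
// Forwarding the reverse zone keeps those queries on the private link too.
zone "10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 10.0.0.1; 10.0.0.2; };
};
```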
Re: DNS/Routing advice
On Wed, 11 Sep 2002, Dan Lockwood wrote:

Everyone, I have a customer that is multihomed, to a public ISP and to another large network that uses 10.0.0.0 address space. The private address space also has services available via public address space and consequently is running a split DNS service, public and private. Because of firewalls and the placement of DNS servers this customer has a nasty routing situation and in order to make DNS work for the private

I assume the public ISP provides another route to the large network where the services are hosted in case the direct link fails? Is it possible to tunnel from your net over the public ISP to the large network thereby keeping your private nets off the public ones? You wouldn't need the DNS fix then either?

Steve

numbers, has spoofed the domain of the private network. My question is this: are there any documents or RFCs that outline what is an acceptable practice for running DNS and what is not? Their kluge of a network causes continuous problems for both the upstream ISP and the private network to which they are connecting and we may find ourselves in a situation where we have to say that 'xyz' is an acceptable way of operating and 'abc' is not. Any advice is appreciated. Thanks! Dan Lockwood
Re: Console Servers
Hi

Try looking at this company's line of products: http://www.itouchcom.com/ they used to be Xyplex.

Arie

On Tue, 10 Sep 2002, Charles Sprickman wrote:

Hello all,

Here's what I've found out. It's a mix. If any one solution looks to be the winner it's the roll-your-own solution. This is what I'm going for since it's relatively cheap for low-density installs. The only problem I'm finding is that it's tough to get a 1U box that has 2 PCI slots open. 2U seems overkill. Since Compact Flash adapters are cheap (about $20) and the cards themselves can be had for $59 (128MB), I'm going to go diskless. I'll probably use conserver, but I'll be giving rtty a try as well. If anyone has pointers to cheap 1U or 2U's, I'm all ears. Just need a minimal box, don't need much CPU for this.

With about 13 replies, I can report the following:

Lantronix - http://www.lantronix.com/products/cs/scs820_scs1620/index.html
1 vote for, one against. The complaint was that the Lantronix has a very bad management interface. I also noted that BBC is using a mess of these at Telehouse...

Cyclades - http://www.cyclades.com/products/ts_series.php
4 for. Under the covers, it's your average linux box with ttys0-ttys31. The portslave software is pretty nice, too. Offline data buffering and the ability to stick a hostname relationship with a serial port. [Ex: ssh2 bob:myserver@cyclades to connect to server myserver ] Another poster is using the cyclades and the digi, and if I'm reading him right, uses the Cyclades 48 port for smaller installations and the digi on larger.

Digi - http://www.digi.com/solutions/devtermsrv/cm/index.shtml
Looks to run about $1800 for 16 ports
1 for (kind of). The poster has a large installed base and it mostly works and has a very high density. Apparently it's a two-piece system where a cable fans out to boxes that further split it. But if one of the splitters locks up, everything daisy-chained through it locks up. This person is now using Cyclades (please correct me if I'm wrong on this one).

Equinox - 2 folks using these (cards).
We use the Equinox SST-128P (theoretically expandable to 128 ports, comes in 16-port chunks) on Linux. Their linux drivers work well [...] It's a PCI card with a cable to an external plugboard with the 16 RJ-45s.
I have had a bit of experience with Equinox (http://www.equinox.com/) gear and can recommend them. Their serial hubs will talk serial to almost anything out there and when plugged into cat5, tunnel those serial ports back to physical mappings on a host system. [...] Geared more towards industrial applications (what I'm using them for) but I have often considered slapping one in our telecomm rack to map serial ports on my local box to our various gear.

Cisco - 2 suggestions to use a 2511 or a 3620 with 16 port async cards. The 2511 would probably be a bit too slow if you enable ssh though...

Livingston - 2 for an old portmaster behind an ssh-able box (if you have the space)

Arula Systems (www.arula.com) - 1 vote for this, apparently a new company.

Build your own - 5 for this solution. Everyone is using FreeBSD, and the RocketPort cards seem to work better than the Cyclades cards under FreeBSD. 3 people are using conserver (www.conserver.com) to make it easier to manage.

Paul Vixie shared the following (he gave permission to quote in full):

We use RocketPort, FreeBSD, IronSystems, and ISC rtty.
http://www.rocketport.com/products/specs/rack16_foto.asp
http://www.rocketport.com/products/specs/specs.asp?product=rp_pci
http://www.freebsd.org/
http://www.ironsystems.com/
ftp://ftp.vix.com/pub/vixie/rtty-4.0.shar.gz
This puts a BSD box in every POP, which is very useful for many reasons.

So there you are... Thanks for all the responses.

Charles
Re: How do you stop outgoing spam?
At 1:51 PM -0700 2002/09/10, Eliot Lear wrote:

A proposed activity for Portland? Network engineer assisted homicide?

Seriously, how about a spam lottery? With payouts that only occur on the death of a known spammer? Of course, you'd have to ensure that the death was accidental, as we would not want to be seen as condoning or encouraging murder.

--
Brad Knowles, [EMAIL PROTECTED]
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++): a C++(+++)$ UMBSHI$ P+++ L+ !E W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+() DI+() D+(++) G+() e++ h--- r---(+++)* z(+++)
Re: How do you stop outgoing spam?
At 12:48 PM -0400 2002/09/11, David Charlap wrote:

When you are given the card number and info, you contact the bank and put a hold on the account for the expected amount of the bill. When the bill actually comes due, you put the charge through. You know that the charge will succeed because the bank is already holding that amount.

There are plenty of cards that don't properly authorize immediately. You can go ahead and place whatever hold you want or even make whatever charges you want, but a few days later you'll get a charge-back from the holding bank -- the charge was refused by the owner, the card doesn't actually exist, the card has been cancelled, etc. They got the service, you theoretically claimed your payment, and then you get screwed. I have a card like this. I've never used it this way, but I have accidentally managed to charge way more stuff on the card than my available credit, and my bank has done charge-backs.

If the card is stolen, bogus, overdrawn, etc., then you won't be able to place the hold. In which case, you reject the application.

See above.

What basic premise? Free anonymous access?

No. Anonymous access for a minimal fee. You can't ask people to lay down $500 cash (or whatever your spamming charge is) and expect to stay in business.

Every one I've seen charges for access. They can easily require charge cards in advance, and place holds on them, in order to identify stolen cards and criminal users.

See above. There are also cards which don't properly authorize immediately, but the other way -- they are valid, the person presenting it really is the legal owner, there is plenty of available credit, but when you try to place a charge or a hold, it is refused. I have another card like this myself. As a CyberCafe operator, how do you deal with a situation where someone has only one card and it won't authorize?

If customers don't want to use charge cards, they can require a large cash deposit up-front,

How large? How far are you willing to go while you keep losing business?

just like the video rental stores do if you try to get a membership without a charge card.

Really? I've never seen that kind of behaviour here.

--
Brad Knowles, [EMAIL PROTECTED]
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++): a C++(+++)$ UMBSHI$ P+++ L+ !E W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+() DI+() D+(++) G+() e++ h--- r---(+++)* z(+++)
RE: Console Servers
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]

Hi Try looking at this company's line of products: http://www.itouchcom.com/ they used to be Xyplex.

We've had pretty good luck with these... Like other embedded systems, they are a good fit for those without patience for more science projects in the PoP. It seems that the iR 8000 is one of the few (only?) reasonably priced TS systems that have NEBS Level 3 cert... for those that require ILEC colo, or have special durability concerns.

Regards,
Andrew Bender
taqua.com
Re: How do you stop outgoing spam?
On Wed, Sep 11, 2002 at 11:56:32PM +0200, Brad Knowles wrote:

There are also cards which don't properly authorize immediately, but the other way -- they are valid, the person presenting it really is the legal owner, there is plenty of available credit, but when you try to place a charge or a hold, it is refused. I have another card like this myself. As a CyberCafe operator, how do you deal with a situation where someone has only one card and it won't authorize?

Depends on the relative costs. See below.

If customers don't want to use charge cards, they can require a large cash deposit up-front,

How large? How far are you willing to go while you keep losing business?

That depends - how long will you be able to get an upstream which doesn't cancel your service for failure to deal with the problem? That, more than anything, is the opposite pressure cost - if it costs these places less to allow spam than to prohibit it, because nobody whacks them with an AUP saying your efforts are insufficient, well, they're a business - they'll go with what's cheaper.

just like the video rental stores do if you try to get a membership without a charge card.

Really? I've never seen that kind of behaviour here.

All the time, around here.

Summary: as with every other natural resource, 'the commons' are now held under market rule. If it turns a profit to spoil them, it will end up happening. The question is how to make it more costly to permit spam than to deny it. And on that note, it's the same old tune, and is no longer operational.

--
*** Joel Baker System Administrator - lightbearer.com [EMAIL PROTECTED] http://users.lightbearer.com/lucifer/