Re: RFC2549 revisited

[David Lesher]

SMB:

> For what it's worth, I first heard that analogy -- more precisely, 
> "never understimate the bandwidth of a station wagon full of mag tapes 
> going up the Taconic Parkway" in the 1969-1970 academic year.  



The classic Compuserve story was they got {Internet} mail before
ftp, etc... This mail came via a Telebit Trailblazer link to OSU
where Karl Kleinpaste was postmaster, or at least chief guru.

Trouble was, CIS users soon discovered: a) ftp-by-mail {It broke
your ftp up into mail-sized chunks and mailed you as many parts
as needed..  I used to use it for SIMTEL20} and b) certain Swedish
ftp sites.

By the time Karl got on top of it, the queue had overflowed
all available OSU mail disk space and shut down OSU's mail. The
nose-high professors had the unmitigated gall to complain about
same.  Karl had to work fast.

The first thing was a CIS mail block. The second was to write off
much of the backlog to 9 track tape and drive it across town to
CIS where they mounted and loaded same. The only disappointment
in this is there is no "turnpike" anywhere nearby Columbus, &
I don't know if Karl drove a station wagon.


-- 
A host is a host from coast to [EMAIL PROTECTED]
& no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433

Re: RFC2549 revisited

[Steven M. Bellovin]

In message <[EMAIL PROTECTED]>, Crist Clark writes:
>
>[EMAIL PROTECTED] wrote:
>> http://www.notes.co.il/benbasat/5240.asp
>> 
>> Probably significant jitter on the RTTs though
>
>My personal favorite quote along these lines has always been,
>
>   "Never underestimate the bandwidth of a station wagon full of
>quarter-inch tapes."
>
>Even thought the oft repeated story behind it may not be totally true,
>
>   http://www.bbc.co.uk/dna/h2g2/A678576
>
>And of course there are other theories on the origins,
>
>   http://www.bpfh.net/sysadmin/never-underestimate-bandwidth.html

For what it's worth, I first heard that analogy -- more precisely, 
"never understimate the bandwidth of a station wagon full of mag tapes 
going up the Taconic Parkway" in the 1969-1970 academic year.  At the 
time, IBM had a small research lab across the street from Columbia 
University; I worked there as a systems programmer for an IBM 1130.  One 
of the major purposes of this machine was to act as an RJE (remote job 
entry) station for some big mainframes at Yorktown Heights; when we 
were having trouble getting it working, someone uttered -- more likely, 
quoted -- that line.  This is considerably earlier than the Tanenbaum 
story, though well after the invention of early modems.  (For what it's 
worth, the modem we were using was probably 2000 or 2400 bps, 
half-duplex; the link used bisync.  And it was BIG.)


--Steve Bellovin, http://www.research.att.com/~smb

.mil contact information

[German Martinez]

Hello,
Could somebody from any .mil network contact me offline ?

Thanks
German

---
"Discouragement is an enemy of your perseverance. If you don't fight against
discouragement you will become pessimistic first, and lukewarm afterwards.
Be an optimist"
-- St. JoseMaria Escriva (1902 - 1975) Opus Dei's Founder

New IPv4 Allocations to the RIPE NCC

[Steve Conte]

Greetings,

This is to inform you that the IANA has allocated the following four (4) 
IPv4 /8 blocks to the RIPE NCC:

85/8
86/8
87/8
88/8
For a full list of IANA IPv4 allocations please see: 
.

Thanks,

Steve
---
Steve Conte - IANA
[EMAIL PROTECTED]
PGP KeyID: 0x0972C473

Re: Spam with no purpose?

[Jonathan Nichols]

Deepak Jain wrote:


Can someone explain to me (publicly or privately) why someone would send 
spam with no product to sell, no position to pitch, nothing except text 
designed to get by a spam filter -- without even HTML to KNOW it got by 
a spam filter..

Quite often it's broken spam-ware. Ever see %RND_UC_CHAR in the subject? 
Broken software. Spammer didn't even RTFM for his own ratware.

Properly trained SpamAssassin with some additional rulesets 
(http://www.exit0.us) catches the vast majority of those.

-Jonathan

Re: RFC2549 revisited

[Crist Clark]

[EMAIL PROTECTED] wrote:
http://www.notes.co.il/benbasat/5240.asp

Probably significant jitter on the RTTs though
My personal favorite quote along these lines has always been,

  "Never underestimate the bandwidth of a station wagon full of
   quarter-inch tapes."
Even thought the oft repeated story behind it may not be totally true,

  http://www.bbc.co.uk/dna/h2g2/A678576

And of course there are other theories on the origins,

  http://www.bpfh.net/sysadmin/never-underestimate-bandwidth.html

--
Crist J. Clark   [EMAIL PROTECTED]
Globalstar Communications(408) 933-4387

Re: Mail with no purpose?

[Richard Cox]

On Thu, 1 Apr 2004 17:15:10 UTC <[EMAIL PROTECTED]> wrote:

> I don't quite understand how that would work.
...
> unless instead of using something like
> "http://spammersserver.com/[EMAIL PROTECTED]"
> they rewrite it into "http://emailidstring.spammerserver.com";
> and use some custom dns server that can log all such requests.

That is precisely what they are doing.

> But I really dont see how this would be any different then just
> logging with cgi, it'll result in positive logging for exactly
> same set of people.

In pure logging terms there is no difference.  However a filtering
mailserver may do a lookup on the URL to see if the IP is listed as
problematic, and that will register the DNS access whereas it would
not register the CGI.  The thinking being that the filter would be
unlikely to check the content if the address was invalid anyway.

Also, the IP of the URL target is more likely to be identifiable,
and the site taken down, than any nameserver that might be used.
(It's all relative - no absolutes here)

-- 
Richard Cox

Re: Spam with no purpose?

[Laurence F. Sheldon, Jr.]

[EMAIL PROTECTED] wrote:


	for those who tire of the increasing complexity of email(*)
	may I recommend  /usr/ucb/mail - a (relatively) small, lightweight
	MUA.  
	
(*) plus attachments, video/audio clips, goofy fonts, textured/scented "stationary", 
et.al.
and/or  POP/IMAP, procmail, spamassasin, black/white/grey-lists, DNS hacks, et.al.
I'm thinking "Big Chief" tablet and black crayon.

--
Requiescas in pace o email

RE: Mail with no purpose?

[Michel Py]

> William Leibzon wrote:
> But I really dont see how this would be any different then just
> logging with cgi, it'll result in positive logging for exactly
> same set of people.
> For example as I'm using PINE from unix shell, all those html
> images are not referenced in any way, nor are there requests
> set for them in dns.

Although this is true, the relevance of it is low. From the smart
spammer's prospective, sending spam to people that use Pine makes no
sense in the first place: people that use Pine are 1,000 times less
gullible than the general population WRT to spam, therefore having their
email addresses not confirm with cgi or whatever does not change the big
scheme of things. I don't know about you, but the volume coming to my
various "postmaster" or "administrator" is decreasing, as the ROI of
spam sent to these must obviously be very low.

In other words: if you're already to the point where you are using a
text-mode mail client or disabling HTML and/or other stuff in a GUI
client, you are no loss to the spammer if your email does not confirm as
valid (because you would not even read it nor buy any of their crud in
the first place).

Re: Mail with no purpose?

[Eric Brunner-Williams in Portland Maine]

To pick on one bulk political mailer, Kintera.Org, mail from

[EMAIL PROTECTED]

contains a tracking gif, a 1x1, within the html portion of a multipart MIME
payload. Voila:

http://www.kintera.org/omt/70069677.gif'>

Yes I've kevetched to the Kucinich campaign that putting tracking gifs in
political marketing is dumb, but to no avail. Of course the html contains
more URLs than just the one into Kintera's mail delivery and click-through
tracking playpen.

Wrong community I know (ASRG is over there) but something like DCC that
catches the "twinkle" of a spam's URL payload by nsen niggles me.

Eric

Re: Mail with no purpose?

[william(at)elan.net]

On Thu, 1 Apr 2004, Eric A. Hall wrote:

> On 4/1/2004 11:15 AM, william(at)elan.net wrote:
> 
> > Where as WYSIWYG html email client (no matter if its web-based or
> > outlook or mozilla) will reference and display all images contained in
> > email
> 
> You can turn it off in Mozilla and some MS clients. It's a pretty common
> feature nowadays.

Yeh, good. 
My point still stands though, your email client will either try to resolve
the url and try to get the image or it will not (in which case there would
be no dns request either).
 
-- 
William Leibzon
Elan Networks
[EMAIL PROTECTED]

Re: Mail with no purpose?

[Eric A. Hall]

On 4/1/2004 11:15 AM, william(at)elan.net wrote:

> Where as WYSIWYG html email client (no matter if its web-based or
> outlook or mozilla) will reference and display all images contained in
> email

You can turn it off in Mozilla and some MS clients. It's a pretty common
feature nowadays.

-- 
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/

RFC2549 revisited

[Valdis . Kletnieks]

http://www.notes.co.il/benbasat/5240.asp

Probably significant jitter on the RTTs though


pgp0.pgp
Description: PGP signature

Re: Mail with no purpose?

[william(at)elan.net]

On Thu, 1 Apr 2004, Richard Cox wrote:

> Some times the request goes to the website, sometimes a DNS request to
> nameservers is sufficient to cause the account to be tagged as active.

I don't quite understand how that would work. DNS Request does not contain 
name of who the email is addressed to unless instead of using something like 
"http://spammersserver.com/[EMAIL PROTECTED]"
they rewrite it into "http://emailidstring.spammerserver.com";
and use some custom dns server that can log all such requests.

But I really dont see how this would be any different then just logging
with cgi, it'll result in positive logging for exactly same set of people.

For example as I'm using PINE from unix shell, all those html images
are not referenced in any way, nor are there requests set for them in dns.
Where as WYSIWYG html email client (no matter if its web-based or outlook 
or mozilla) will reference and display all images contained in email

-- 
William Leibzon
Elan Networks
[EMAIL PROTECTED]

Re: Spam with no purpose?

[Randy Bush]

> for those who tire of the increasing complexity of email(*)
> may I recommend  /usr/ucb/mail - a (relatively) small, lightweight
> MUA.  

real hackers read their mail with cat  -- from some sig back in the '80s 

Re: Mail with no purpose?

[Richard Cox]

(Subject line changed to comply with Merit's AUP)

On Thu, 1 Apr 2004 13:28:31 UTC Jerry Eyers <[EMAIL PROTECTED]> wrote:

> it sends a request to the sender's specified website to get the pixel
> thus showing them which email accounts are active.

Some times the request goes to the website, sometimes a DNS request to
nameservers is sufficient to cause the account to be tagged as active.
False tagging can occur if a mailserver or other scanner looks up the
IP of URLs found in mail messages

On Thu, 1 Apr 2004 15:03:35 UTC Randy Bush <[EMAIL PROTECTED]> wrote:

> except for those of us who don't use browsers to read mail and have
> html turned off in our mail readers.

After the last batch of worms that found their way here, it's a bit
disappointing that Merit hasn't yet blocked HTML mail to this list.

-- 
Richard Cox

Re: the value of reverse address lookups?

[Valdis . Kletnieks]

On Wed, 31 Mar 2004 19:21:43 EST, "Douglas F. Calvert" <[EMAIL PROTECTED]>  said:

> justification for this practice?  In my opinion it does not appear to
> increase the validity of the connection. But I may be missing something

It tells you that the connection is coming from a netblock managed by somebody
with enough clue and motivation to get PTR records right.  If the site can't
even get that right, they're probably lacking in logging/auditing and the like
as well.

As a result, it's a pretty safe bet that if your site policy says you'll go
looking for somebody if there's a problem with the connection, you might as
well drop the connection early on, because nobody's answering the cluephone at
the remote end...

As far as SMTP goes, it's surprising (barely) how often you get "MX points to myself"
errors back from sites that don't have a valid PTR either



pgp0.pgp
Description: PGP signature

Re: Spam with no purpose?

[bmanning]

On Thu, Apr 01, 2004 at 07:03:35AM -0800, Randy Bush wrote:
> 
> > A message like this will usualy contain an html portion with an image in
> > it that is a single pixel in size, that is white-on-white.  It doesn't
> > show up when you look at it, but it sends a request to the sender's
> > specified website to get the pixel, thus showing them which email accounts
> > are active.
> 
> except for those of us who don't use browsers to read mail and have html
> turned off in our mail readers.  i just love those "get a mail reader that
> can handle html" responses to my requests not to post html to nanog and
> other ops lists.  html ain't quite as bad as javascript, but with today's
> html hackin' kiddies, it's a close contest.
> 
> randy


for those who tire of the increasing complexity of email(*)
may I recommend  /usr/ucb/mail - a (relatively) small, lightweight
MUA.  

--bill

(*) plus attachments, video/audio clips, goofy fonts, textured/scented "stationary", 
et.al.
and/or  POP/IMAP, procmail, spamassasin, black/white/grey-lists, DNS hacks, et.al.

Re: Spam with no purpose?

[Randy Bush]

> A message like this will usualy contain an html portion with an image in
> it that is a single pixel in size, that is white-on-white.  It doesn't
> show up when you look at it, but it sends a request to the sender's
> specified website to get the pixel, thus showing them which email accounts
> are active.

except for those of us who don't use browsers to read mail and have html
turned off in our mail readers.  i just love those "get a mail reader that
can handle html" responses to my requests not to post html to nanog and
other ops lists.  html ain't quite as bad as javascript, but with today's
html hackin' kiddies, it's a close contest.

randy

RE: MLPPP Follow Up - How we fixed the problem

[jlewis]

On Thu, 1 Apr 2004, Paul Stewart wrote:

> Any issues with more than 2 connections?  We have a customer that we are
> doing this for right now with two T1's.. Customer wants a third one
> possibly.. Can't see a problem but thought I'd ask...
>
> How many could you theoretically do if you really had to? ;)

AFAIK, depending on IOS version, the max-paths you can load balance with
CEF is 6 or 8.  i.e. In some older versions, it is 6, and I've had to do
upgrades to get 8 T1's to load share.

Most instances of this that I've done have been on our own network where
we use OSPF on the T1's and set maximum-paths in router ospf.  I have
seen/done 4xT1 service load balanced to customers using static routes.

--
 Jon Lewis [EMAIL PROTECTED]|  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

RE: Spam with no purpose?

[Michel Py]

> [EMAIL PROTECTED] wrote:
> What would happen if an ISP's mail server were to collect
> the URLs in emails and then retrieve the URL. Wouldn't
> this create a lot of false positives for the spammer thus
> screwing with their business model?

It has to be smarter; this would not reproduce the decay rate, for
example. Would fool only beginners.

Michel.

Re: Spam with no purpose?

[Michael . Dillon]

>A message like this will usualy contain an html portion with an image in 
it
>that is a single pixel in size, that is white-on-white.  It doesn't show 
up
>when you look at it, but it sends a request to the sender's specified
>website to get the pixel, thus showing them which email accounts are 
active.

What would happen if an ISP's mail server were to collect the URLs
in emails and then retrieve the URL. Wouldn't this create a lot of
false positives for the spammer thus screwing with their business model?

And what if some scumsucking bottom feeder were to create a whole
bunch of fake email addresses pointing at the servers of ISPs who
do this. And then this evil waste-of-space no-buts were to sell that
list to spammers for a good price based on the fact that these were all 
good active email addresses?

Criminals victimizing other criminals... oh what a surprise!

And what if ISPs would get together and share the IP addresses
of these 1-pixel web servers via some type of real-time feed 
so that they could engage in cooperative blocking of validation
traffic? Would they be helping the spamming criminals or would
they be helping the scamming criminals or would they be good guys?

Doesn't appear to be a 'foolish' item..

[Robert Mathews]

  http://www.networksolutions.com/en_US/name-it/popup-100-yr-term.jhtml


Robert.
---

Re: Spam with no purpose?

[Jerry Eyers]

A message like this will usualy contain an html portion with an image in it
that is a single pixel in size, that is white-on-white.  It doesn't show up
when you look at it, but it sends a request to the sender's specified
website to get the pixel, thus showing them which email accounts are active.

Jerry
 
---Original Message---
 
From: Adrian Chadd
Date: 03/31/04 22:58:29
To: Deepak Jain
Cc: [EMAIL PROTECTED]
Subject: Re: Spam with no purpose?
 
On Wed, Mar 31, 2004, Deepak Jain wrote:
>
>
> Can someone explain to me (publicly or privately) why someone would send
> spam with no product to sell, no position to pitch, nothing except text
> designed to get by a spam filter -- without even HTML to KNOW it got by
> a spam filter..
 
(a) kill bayesian filters - people would simply mark it as spam and then
notice that their spam filters become less trustworthy.
(b) list scraping - perhaps not random dictionary words (i've seen
real-sounding meeting confirmation emails, for example, which
a few unrelated friends of mine also received) to determine which
email addresses are/aren't valid
(c) Sometimes, I get spam with the above crap in the text body, but
a spam-like HTML body.
 
 
 
 
Adrian
 
--
Adrian Chadd I'm only a fanboy if
<[EMAIL PROTECTED]> I emailed Wesley Crusher.
 
 

Is your domain licensed?

[Stephen J. Wilcox]

Old news in terms of the granting of a patent on subdomains.. new news (afaik) 
that theyve now started sending out letters telling folks they need to pay now 
for a license:

http://www.theregister.co.uk/content/4/36707.html

Patent:
http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=/netahtml/PTO/search-bool.html&r=10&f=G&l=50&co1=AND&d=PG01&s1=Shuster.IN.&s2=Brian.IN.&OS=IN/Shuster+AND+IN/Brian&RS=IN/Shuster+AND+IN/Brian

So, does anything need doing or like New.net and SCO do we just need to laugh at 
the futility and stupidity of these people and get back to more boring things?

Steve

Re: SMTP behavior: 553 5.5.2 Bad command format(h)

[Simon Lockhart]

On Wed Mar 31, 2004 at 05:16:41PM -0600, Miguel Mata-Cardona wrote:
> WTF? can anyone please explain me why must I enclose my 
> address between the "<>"?

Because the RFC says you should. Even back in RFC821 this was the
case:

MAIL  FROM: 

 ::= 

 ::= "<" [  ":" ]  ">"

Simon
-- 
Simon Lockhart |   Tel: +44 (0)1628 407720 (x(01)37720) | Si fractum 
Technology Manager |   Fax: +44 (0)1628 407701 (x(01)37701) | non sit, noli 
BBC Internet Ops   | Email: [EMAIL PROTECTED]| id reficere
BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK