Re: ad.doubleclick.net missing from DNS?
Sean Donelan([EMAIL PROTECTED])@2004.07.27 12:34:04 +:
> The A record for ad.doubleclick.net is missing from DNS. This is
> causing apparent web page slowdowns when viewing web sites containing ads
> linked to ad.doubleclick.net

Short remedy recipe:
- Download Firefox -> http://www.mozilla.org
- Install AdBlocker Extension (Tools>Extensions>Get Extensions...)
- Block http://*.doubleclick.net/
- Add more rules to your gusto and have a pleasant browsing experience ;-)

Regards,
/k

--
> There is something fascinating about science. One gets such wholesale returns
> of conjecture out of such a trifling investment of fact. --Mark Twain
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x

Re: change to the COM and NET TLD
Neil J. McRae([EMAIL PROTECTED])@2003.09.16 08:40:54 +:
> I do not wish to be bound to your terms and I do not agree
> with them. Please take this as notice of such.

The best thing is that they appear to filter search results on some
basis. And they set cookies (long-term) to "store the preferences".

``Filtering attempts to block content containing explicit and adult
material. While no filter is 100% effective, Site Finder uses
industry-leading technology to identify explicit content and reduce
undesired results.''

The best thing would be simply to switch it off. While folks got used to
the strange MSIE error messages, they have the same "learning curve" now
again, but they also need to understand the privacy implications.

``Third Party Search Results and Cookies
We use third-party companies to serve paid and unpaid search results and
other content to our Site Finder. In the course of serving these results,
these companies may place or recognize a cookie on your browser, and may
use information (not including your name, address, e-mail address, or
telephone number) about your visits to this and other web sites in order
to serve content to our site, improve the services offered on our site,
or measure advertising effectiveness of paid search results. For more
information about this practice and to know your choices about not having
your information used by these companies, please visit
http://www.content.overture.com/d/Usm/about/company/privacypolicy.jhtml.''

This is really ugly. IANAL, but is this fair and common business
behaviour? As I am located in "Old Europe", I say "it's not" and it might
have one or the other legal implication in Germany.

Regards,
/k

--
> Examining the world's major religions. I'm looking for something that's
> light on morals, has lots of holidays, and with a short initiation period.

Re: What *are* they smoking?
Miquel van Smoorenburg([EMAIL PROTECTED])@2003.09.16 08:43:26 +:
>
> Oh yes, top of the line:
> [...]

Mike, even better: it's answering in an unconditional mode!

---
[EMAIL PROTECTED]:datasink[2]% telnet jhsdfajjkasfjkjkasf.net 25
Trying 64.94.110.11...
Connected to jhsdfajjkasfjkjkasf.net.
Escape character is '^]'.
220 snubby4-wcwest Snubby Mail Rejector Daemon v1.3 ready
ehlo sucker
250 OK
mail from: [EMAIL PROTECTED]
250 OK
rcpt to: [EMAIL PROTECTED]
550 User domain does not exist.
data
250 OK
bla
221 snubby4-wcwest Snubby Mail Rejector Daemon v1.3 closing transmission channel
Connection closed by foreign host.
[EMAIL PROTECTED]:datasink[2]% telnet jhsdfajjkasfjkjkasf.net 25
Trying 64.94.110.11...
Connected to jhsdfajjkasfjkjkasf.net.
Escape character is '^]'.
220 snubby4-wcwest Snubby Mail Rejector Daemon v1.3 ready
250 OK
250 OK
550 User domain does not exist.
250 OK
221 snubby4-wcwest Snubby Mail Rejector Daemon v1.3 closing transmission channel
Connection closed by foreign host.
---

At least it leads to momentary amusement. Mad scientists or
propellerheads at work there?

/k

--
> Beware of bugs in the above code; I have only proved it correct, not
> tried it. --Donald Knuth

Re: Email virus protection
just me([EMAIL PROTECTED])@2003.08.20 14:41:02 +:
> Please don't pretend that your MUA-de-jour is somehow invulnerable by
> design, unless you've audited every line of code yourself.

I don't. Mutt and similar MUAs are prone to misconfiguration, which makes
them vulnerable to some degree, but this fact alone does not expose
enough surface for implementation of an internet-wide worm attack ;-)

Perhaps, Outlook is a secure and performant email solution - in, say, 3
to 4 years from now, but this means a drastic change of course for the
vendor. In end-user application design, finding the right mix between
security and convenience (which tend to be mutually exclusive, in one way
or the other) is a critical design decision. You get the point.

> On a different angle, the apparent problem of a software product being
> vulnerable to an exploit is not solved by deploying a - albeit
> well-patched - application monoculture worldwide. Risk is lowered by
> using more well-designed software packages out there. Diversity is the
> name of the game, it's nature's solution and it seems to work quite
> well.
>
> I completely agree. Which is why I discourage people from using
> Outlook Express as well as Mutt.

So the interesting question in context of this email thread is: what do
you encourage them for?

Regards,
/k

--
> Horngren's Observation:
> Among economists, the real world is often a special case.

Re: Email virus protection
just me([EMAIL PROTECTED])@2003.08.20 14:17:17 +:
>
> http://www.cert.org/advisories/CA-1997-14.html
> http://www.cert.org/advisories/CA-1998-10.html
>
> Wow, the second one even mentions Mutt by name.

The more recent of those two advisories is dated August 11, 1998.

What are you trying to express, by citation of those pretty outdated CERT
advisories? If you are trying to imply that software does not improve in
a time frame of five years, go ahead and convince me. =)

On a different angle, the apparent problem of a software product being
vulnerable to an exploit is not solved by deploying a - albeit
well-patched - application monoculture worldwide. Risk is lowered by
using more well-designed software packages out there. Diversity is the
name of the game, it's nature's solution and it seems to work quite well.

Regards,
/k

--
> Zero Defects, n.: The result of shutting down a production line.

Re: Email virus protection
Jack Bates([EMAIL PROTECTED])@2003.08.20 15:49:01 +:
>
> That's what the net admin was telling me when I mentioned one of his
> branch bank offices had Sobig-F. Apparently they all run A/V and I think
> he said his mail server does as well. Unfortunately, they still allow
> executables in.

The problem is the false sense of security while using anti-virus
products. For having a working signature, somebody has to be hit first
and submit the virus to the AV vendor. This requires a certain time,
which leads - in case of the latest worm occurrences which appear to be
pretty aggressive - to a certain amount of infections that happen before
there are signatures available. And then, the update still has to be
downloaded to the AV scanning software which extends the time window
being unprotected against a certain worm or virus variant.

So, the virus and worm authors are always one step ahead. This is by
design of the AV concept. Better put the wasted cash and time into the
design of better systems, which brings the software developers this
critical one step in the lead.

Due to what obscure reason does a mail user agent have to execute
interpreted code and do unasked things to mail attachments, nowadays?

Regards,
/k

--
> Those who do not understand Unix are condemned to reinvent it, poorly.
> --Henry Spencer

Re: Email virus protection
Christopher J. Wolff([EMAIL PROTECTED])@2003.08.20 10:50:55 +:
>
> What is the most common method for providing virus protection for your
> hosted email customers? Thank you in advance.

Making them switch to a software product that does not auto-execute
arbitrary chunks of code that come in via some network connection.

Ok, you got me, it is not the most common method "out there", but the
most common method for my customers ;-)

There's quite a lot of usable stuff out there. Many Win32 users have
switched to Mozilla which seems to solve 100% of the Outlook-specific
attacks which account for... hmmm... 100% of the malicious email messages
of the last 6 months. Some switched to Mac. Many UNIX users are on mutt
or similar MUAs which do not bear the potential for execution of
arbitrary code.

Sure, this does not apply for Exchange-driven installations that require
Outlook, but there are also alternatives available. Deployment cost
causes a certain lack of motivation to get rid of Exchange, but if you
calculate a potential impact of Microsoft worms and viruses (virii?) in
terms of damage to the company's data and infrastructure and also
credibility, it's worth it, quite often.

A bit more on the philosophical side of things, the international press
and media - and many people reading or watching those media - mix up the
terms "internet threat", "Microsoft-specific threat" and
"Outlook-specific threat" which leads to a totally twisted perspective of
the current events. Fact is, that there's a broad base of installed and
Microsoft-driven PCs which are vulnerable. Customers often realize this
after you explain it to them step-by-step and they seem very happy with
their new knowledge about what actually caused the vulnerability of their
company and information infrastructure. Some of them - call them brave -
take immediate action and implement fallback or alternative solutions.

Regards,
/k

--
> Parts that don't exist can't break.
> --Russell Nelson

Re: Blocked by msn.com MX, contact for MSN.COM postmaster ?
Miquel van Smoorenburg([EMAIL PROTECTED])@2003.01.28 11:49:16 +:
>
> I found out that our outgoing SMTP servers have been blocked by
> the msn.com MXes. In a nasty way, too -- no SMTP error, the TCP
> connection is simply closed by them immediately after establishing it.
> We're not listed on any RBL/DNSBL and have an active abuse desk.

Miquel, does this problem still endure?

I had such a thing quite a while ago (mid-2002) with them, but apparently
it was a temporary problem of their MX in servers. I am also not listed
in RBLs (due to pretty restrictive relaying policy) and the like, I was
also _not_ able to reach someone at their end ([EMAIL PROTECTED]). After
several hours of closed sockets, everything just worked again.

Right now, our mail to msn.com goes via smtp-gw-4.msn.com(207.46.181.13)
which appears to work:

220 cpimssmtpa19.msn.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at Tue, 28 Jan 2003 06:09:46 -0800

Apparently their service runs on some successor of Win2000, so I wouldn't
be very surprised, if it turned out to be resource shortage on their end
(WRT things like The Worm Of The Week[tm] and the like). A misconfigured
proxy or load balancing device might be another option.

Also, their clock is off by approx. five minutes. Their system apparently
lacks NTP support, or the clocks in Redmond are 5 minutes behind the rest
of the world... :->

Oh no - not-so-funny - they got different clock drift for every machine
(cpimssmtpa[01..40].msn.com) that happens to pop up when connecting to
their best preference MX. Looks like they DNS-loadbalance their
loadbalancers for SMTP, too. Funny.

Regards,
/k[Ok-I-am-silent-now]arsten

--
> Motto of the Electrical Engineer:
> Working computer hardware is a lot like an erect penis: it
> stays up as long as you don't fuck with it.
WebMonster Community Project -- Reliable and quick since 1998 -- All on BSD http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/ GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6 REVOKED: 0x2964BF46 D/E 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46 REVOKED: 0x4C44DA59 RSA F9 A0 DF 91 74 07 6A 1C 5F 0B E0 6B 4D CD 8C 44 Please do not remove my address from To: and Cc: fields in mailing lists. 10x
Re: Standalone Stratum 1 NTP Server
Mike Leber([EMAIL PROTECTED])@2002.08.26 23:52:08 +:
> I was wondering if anybody has any suggestions for a low priced, off the
> shelf, complete (includes any necessary receivers), standalone (as in you
> just plug it in and connect ethernet), stratum 1 NTP server?

some years ago, i migrated all of my server infrastructure from NTP to
clockspeed and the taiclock protocol, which works a bit different to NTP.
every server keeps its own correction/drift values in a running software
PLL. my current update interval is to poll the main server(s) every two
weeks.

after experiencing several problems with xntpd (like folks sending random
udp packets with spoofed ip addresses causing several machines to drift
up to two(!) hours (yes, the default configurations are without any auth
on most OS distributions), the problem was solved by not depending on a
steady feed of fresh clock information. adjustment bases solely on a
single correction value, which runs in a tolerance window of about 25 to
30 attoseconds per week on most intel based boards i got here.

http://cr.yp.to/clockspeed.html

i know that some folks will start to bash on dan, again, but his approach
to tackle the time synchronization problem appeared to solve most/all of
our operational problems of our time servers and clients. in daily
operations, clockspeed/taiclock clearly proved to be superior to NTP,
timed, et al. furthermore, the software is very simple to install and
maintain, with less security/stability risks due to less complexity in
code.

regards,
/k

--
> CS Students do it in the pool.
WebMonster Community Project -- Reliable and quick since 1998 -- All on BSD
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6
REVOKED: 0x2964BF46 D/E 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
REVOKED: 0x4C44DA59 RSA F9 A0 DF 91 74 07 6A 1C 5F 0B E0 6B 4D CD 8C 44
My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
Please do not remove my address from To: and Cc: fields in mailing lists. 10x

introducer trust model, Was: Eat this RIAA (or, the war has begun?)
Steven M. Bellovin([EMAIL PROTECTED])@2002.08.22 02:03:32 +:
> I assume you're talking about the Berman bill -- for the full text, see
> http://thomas.loc.gov/cgi-bin/query/D?c107:1:./temp/~c107Pidyhy::
> (it's not law yet). Note in particular that although they have to
> notify the Attorney-General of the technologies they intend to use,
> the bill doesn't say anything about IP addresses. Note also that the
> technology list is confidential.
>
> Actually, the entire text is pretty appalling -- but read it for
> yourself.

hmmm

all of the efforts to block/modify connections via address based methods
(blackholing whole networks, bh based on AS, ...) are up to no avail,
IMHO. let their ``hacker'' folks just order a bunch of dsl lines
distributed all over the major providers, and those methods don't make
any sense. the same problems apply to blocking incoming SMTP connections,
or mails from/to specific addresses, SPAM.

thinking a little bit more about the issue with networked services in
general (including SMTP and the spam/abuse problems, as well as
filesharing and many more), the conclusive decision would be to define a
bullet proof standard on introducer based trust, deriving a certain trust
level or metric from a peer-trust based trust chain. this has several
(dis)advantages:
- no central authority involved, nobody will charge your creditcard for
  issuing a certificate
- somewhat more unsharp but still pretty restrictive method of applying
  permissions to use resources
- follows the basic paradigm behind TCP/IP, delivering a never-lights-out
  trust model that cannot be compromised easily, if it is good in design
  and implementation

i am not an expert in this field, but i think that a generic standard for
this kind of trust model is long overdue, the only application nowadays
out there in the wild using it being pgp's model of the web of trust.

creating such a generally applicable model of introducer trust, starting
from design over implementation of a portable library that does it all,
up to plug-in extensions to existing software (like hooking it up to SMTP
greetings of the major flavours of MTAs, adding it to certain protocols,
like HTTP, where it could easily replace most HTTP-Basic-Auth style
systems of most community sites, like adding it to say gnutella's
protocol, etc.) would solve a whole bunch of problems we all got today.
with a certain amount of engineering effort, it might be applicable to
IPSEC, too.

of course there will be new problems that arise, and we need to take them
into account. together with a bunch of folks that feel themselves at home
in the networked services, PKCS and protocol areas, there should be an
(half)open discussion, to pave the road to get such a thing on track.
this won't be an easy or short term project. also, i'm quite sure that
there has been done quite some research in this field, being open or
closed source/papers already, which should be aggregated to see the big
picture.

suggestions welcome, tell me what you think, even if you think that it's
a moronic idea (in any case, the ``why'' is the important point)

regards,
/k

--
> In protocol design, perfection has been reached not when there is nothing
> left to add, but when there is nothing left to take away.
> --Networking truth #12, Ross Callon, RFC 1925

Re: Echo
Brad Knowles([EMAIL PROTECTED])@2002.08.17 23:36:49 +:
> At 3:48 AM +0200 2002/08/17, Karsten W. Rohrbach wrote:
>
> > ...ip source address that is, thought it was obvious.
>
> You mean, the IP address of the machine contacting you, or the IP
> address of the originating machine? If the former, keep in mind that
> many providers host a large number of customers, and you could deny
> service to a lot of innocent people. If the latter, then you would
> be vulnerable to forging.

every machine connecting to an smtp port is a potential transmitting
relay...

>
> >a very logical
> > algorithm would be ``n source ip addresses per /16 per minute'' which
> > would catch at least the badly distributed DDoS attacks and does not
> > impose large processing overhead in cycles and memory, i think.
>
> Assuming you're talking about the transmitting relay (which would
> be difficult to fake), this would be some additional protection.

thinking twice about the pseudo algo up there, it would be rotten easy to
DoS the systems for connections from ``well-known'' systems which might
depend on the service (latency measurement, again). one would need to
have a white list for those ip addresses.

>
> > i don't think that an echo service would be this popular that it
> > needs to process very many messages for the same /16 in a short period
> > of time.
>
> Unless someone is trying to DoS your machine. Heck, they could
> just generate zillions of SYN packets with random source IP
> addresses, and that could cause you some significant problems.

syn-cookies, where's the problem?

>
> > it was just a quick idea. but queueing and (rapidly) scheduled weedouts
> > of those queues are nothing new, when you guard services with gpg/pgp.
>
> Cron job every minute? Would you use a program to pull down the
> mailbox with POP3 or IMAP or somesuch, or would you directly access &
> process the mailbox? Or maybe pre-filter the messages with procmail
> into separate mailbox files which could then be further processed by
> your script?

hmmm, cron job is simple, but intermediate storage of the incoming mails
might pose problems, you're perfectly right...

>
> What do you do if they decide to start sending you a large number
> of really huge messages? They could potentially fill up your mailbox
> space on the disk, even in just a single minute.

deliver to a filter that limits max. size of messages by lines? then
stuff its output in a fifo with a daemon listening on the other side:

|head -n200 >/var/whereever_not_tmp/echofifo

implement the fifo listener as a small daemon that select()s on the fifo
and processes the mails.

regards,
/k

--
> "Niklaus Wirth has lamented that, whereas Europeans pronounce his name
> correctly (Ni-klows Virt), Americans invariably mangle it into
> (Nick-les Worth). Which is to say that Europeans call him by name, but
> Americans call him by value."

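The ``n source ip addresses per /16 per minute'' check and the white list discussed in the message above, together with the per-source scoreboard from earlier in the thread, as an added Python example (not code from the thread). The class and function names, the limit of three sources per /16, the IPv4-only handling and the sample addresses (documentation ranges, constructed) are assumptions made for illustration.

```python
import ipaddress

WINDOW = 60.0  # seconds; the "one minute time window" of the scoreboard


class EchoRateLimiter:
    """Decide whether an echo request from a connecting relay gets a reply.

    Hypothetical helper. It is keyed on the IP address of the connecting
    SMTP relay (hard to fake on an established TCP session), never on
    anything taken from the mail headers.
    """

    def __init__(self, max_sources_per_16=3, window=WINDOW, whitelist=()):
        self.max_sources = max_sources_per_16
        self.window = window
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        # /16 network -> {source address: time its last echo was accepted}
        self.by_prefix = {}

    def _whitelisted(self, addr):
        return any(addr in net for net in self.whitelist)

    def _expire(self, seen, now):
        # Forget sources whose last accepted mail has left the window.
        for old in [a for a, t in seen.items() if now - t >= self.window]:
            del seen[old]

    def check(self, src, now):
        try:
            addr = ipaddress.IPv4Address(src)
        except ValueError:
            return "reject:invalid"
        prefix = ipaddress.ip_network(f"{addr}/16", strict=False)
        seen = self.by_prefix.setdefault(prefix, {})
        self._expire(seen, now)
        # Scoreboard: one mail per source address per window, for everyone.
        # A whitelisted host can only use up its own slot, so this is safe.
        if addr in seen:
            return "reject:source"
        # /16 budget: at most n distinct non-whitelisted sources per window.
        # Whitelisted hosts neither consume the budget nor are blocked by
        # it, so noisy neighbours in the same /16 cannot lock them out.
        if not self._whitelisted(addr):
            active = sum(1 for a in seen if not self._whitelisted(a))
            if active >= self.max_sources:
                return "reject:prefix"
        seen[addr] = now
        return "accept"

    def purge(self, now):
        """Drop idle prefixes; returns how many /16s still hold state."""
        for prefix in list(self.by_prefix):
            self._expire(self.by_prefix[prefix], now)
            if not self.by_prefix[prefix]:
                del self.by_prefix[prefix]
        return len(self.by_prefix)


# Constructed sample input: (seconds since start, connecting relay address).
SAMPLE_EVENTS = [
    (0, "198.51.100.1"),
    (1, "198.51.100.2"),
    (2, "198.51.7.3"),       # same /16 as the two above
    (3, "198.51.200.4"),     # fourth source in 198.51.0.0/16 within a minute
    (4, "198.51.100.200"),   # whitelisted measurement host in that /16
    (30, "198.51.100.1"),    # second mail from the same source in a minute
    (31, "203.0.113.9"),     # unrelated /16
    (61, "198.51.200.4"),    # window has moved on, budget is free again
    (62, "not-an-ip"),
]


def replay(events, limiter):
    """Feed (time, source) pairs to the limiter and collect its decisions."""
    return [limiter.check(src, now) for now, src in events]


if __name__ == "__main__":
    lim = EchoRateLimiter(max_sources_per_16=3, whitelist=["198.51.100.200"])
    for (now, src), verdict in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, lim)):
        print(f"t={now:>3}s {src:<16} {verdict}")
```

Rejected attempts are not recorded, so the state held per /16 is bounded by the number of accepted sources plus whitelisted hosts seen in the last window.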
Re: Echo
Brad Knowles([EMAIL PROTECTED])@2002.08.16 23:46:51 +:
> At 9:43 PM +0200 2002/08/16, Karsten W. Rohrbach wrote:
>
> > - scoreboard: one mail from one source address in one minute time window
>
> Do you just queue messages from source addresses, so that you
> don't generate more than one echo in a minute, or do you throw away
> every message from that source address which was generated less than
> one minute ago?

please, see the other answer in this thread.

>
> Also, how do you handle echoes of echoes? For example, if I
> forged e-mail as being from [EMAIL PROTECTED] and addressed that to
> [EMAIL PROTECTED] (or whatever), would this generate an endless loop?

X-Loop:

>
> What if I put "[EMAIL PROTECTED],[EMAIL PROTECTED]" as the return address?
> Would you send back two copies?

No.

> Just curious. Thanks!

regards,
/k

--
> Nuclear war can ruin your whole compile. --Karl Lehenbauer

Re: Echo
Brad Knowles([EMAIL PROTECTED])@2002.08.16 22:27:08 +:
> At 9:43 PM +0200 2002/08/16, Karsten W. Rohrbach wrote:
>
> > Brad Knowles([EMAIL PROTECTED])@2002.08.16 19:48:10 +:
> >>What kinds of anti-abuse protection methods have people used for
> >> "echo" accounts that they have set up?
> >
> > - scoreboard: one mail from one source address in one minute time window
>
> Yeah, but then abusers could easily generate elephantine
> quantities of messages, simply by randomly generating return
> addresses (if they wanted to DoS you or your network), or by randomly
> generating the user portion of return addresses (if they wanted to
> abuse you to DoS someone else). If they know that there are multiple
> domains handled by the same servers, they could randomly generate
> addresses within that set of domains.

...ip source address that is, thought it was obvious. a very logical
algorithm would be ``n source ip addresses per /16 per minute'' which
would catch at least the badly distributed DDoS attacks and does not
impose large processing overhead in cycles and memory, i think.

i don't think that an echo service would be this popular that it needs to
process very many messages for the same /16 in a short period of time.

>
> > - gnupg: mail needs to be signed to fire a return mail. key of the
> >signer must belong to the robot's gpg trust web.
>
> Ooh, so in order to use the echo server, they have to send a PGP
> signed message? Wow, that's pretty expensive. That sounds like a
> really excellent way to DoS your server.

it was just a quick idea. but queueing and (rapidly) scheduled weedouts
of those queues are nothing new, when you guard services with gpg/pgp.
other soft capacity limitings can be done if the rate limiting described
above lets through too much, such as deleting queue entries by random
when hitting an excessive queue length.

when measuring of link latency is done with it, the gpg approach might
impose problems, since you need to rely on the outgoing mail timestamp of
the echo relay because of variable queue length and gpg processing time.

>
> Thanks for sharing!
>

you're welcome.

/k

Re: Echo
Brad Knowles([EMAIL PROTECTED])@2002.08.16 19:48:10 +:
> What kinds of anti-abuse protection methods have people used for
> "echo" accounts that they have set up?

- scoreboard: one mail from one source address in one minute time window
- gnupg: mail needs to be signed to fire a return mail. key of the
  signer must belong to the robot's gpg trust web.

regards,
/k

--
> To avoid criticism, do nothing, say nothing, be nothing. --Elbert Hubbard

Re: Microslosh vision of the future
Curtis Maurand([EMAIL PROTECTED])@2002.08.14 11:33:02 +:
> Wasn't that what OpenDoc was supposed to be about?

``you can get some coders out of a trailerpark, but you can't get the
trailerpark of some coders...''

eg. it's a community communication thing.

regards,
/k

--
> Black holes are where GOD is dividing by zero

Re: Microslosh vision of the future
Brad Knowles([EMAIL PROTECTED])@2002.08.12 22:47:31 +:
> At 9:41 AM -0400 2002/08/12, William Warren wrote:
>
> > StarOffice to the rescue.
>
> Only until they change the file format again. Microsoft can
> afford to change the file format on an even daily basis, and come out
> with patches for the previous patches, and call them all "security
> patches" so that everyone is either forced to apply them or dump
> Microsoft altogether.
>
> Open source projects can't possibly afford to keep up, if
> Microsoft decides to go down this road.

opensource projects need to converge efforts in designing new data
formats, file formats being just a serialized representation of data in
mem. being fully portable between several (OSS) applications will bring
the giant to its knees.

of course, all of you know that, and this is not operational content, i'm
silent again ;-)

regards,
/k

--
> Q: What do you get when you cross Dracula with a used car dealer?
> A: autoexec.bat

Re: SSHD
Jeremy T. Bouse([EMAIL PROTECTED])@2002.06.26 13:40:28 +:
> Just be sure you read the full advisory and look deep into it
> and your own configuration. Recent news has come to light which appears
> that it is most *BSD OS flavors and those using BSD_AUTH and SKEY. Most
> often these are not enabled by default on non-BSD OSes.

according to several discussions that took part in the last 48 hours, the
flaw fixed in 3.4 might also impact on systems using PAM for
authenticating ssh logins; it appears to me that the involved group of
researchers did not test operating systems other than the free *BSDs.

CA-2002-18 has some more vendor specific information:
http://www.cert.org/advisories/CA-2002-18.html

sure, it's a critical bug, but one should not oversee the apache chunk
handling vulnerability published in CA-2002-17 as it has been integrated
into skr1ptk1dd13's "tools" already, apparently. depending on your site's
policy you probably have tight restrictions on ssh access, but http is
probably allowed from 0/0 so it might be even more critical.

regards,
/k

--
> [X] <-- nail here for new monitor
WebMonster Community Project -- Next Generation Networks GmbH -- All on BSD
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/

Re: Controlling Spam to the NOC
Jeff Workman([EMAIL PROTECTED])@2002.05.23 16:41:08 +:
>
> Hello,
>
> Has anybody on this list figured out an effective way to eliminate, or at
> least severely limit, the amount of spam that arrives in your NOC? I am
> aware of solutions such as Spamassassin, Vipul's Razor, and the various RBL
> lists, but has anybody used one of these solutions, or anything else, to
> reduce the amount of spam going into noc@/trouble@/etc mailboxes without
> severely restricting the rest of the internet's ability to reach the noc
> via email for legitimate purposes? Particularly in a NOC where it's quite
> possible that some of your customers are listed in the RBLs but still need
> to reach you.

TMDA as per-account or generic delivery filter (depending on your MTA
setup), with a whitelist of known customers (which should be easy to
derive from a CRM backend or customer address database and a few lines of
shell voodoo).

regards,
/k

--
WebMonster Community Project -- Reliable and fast since 1998 -- All on BSD
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.apache.de/