Re: large organization nameservers sending icmp packets to dns servers.

2007-08-10 Thread Matthew Black


On Thu, 9 Aug 2007 15:53:12 -0700 (PDT)
 Doug Barton [EMAIL PROTECTED] wrote:


How many bytes of shell code can you stuff into a 4096 byte EDNS0 UDP 
packet? :)



Probably a lot. People used to have 4-line signatures
with the PGP encryption or DECSS. I have a 152-byte C
program that calculates 32K digits of PI.

matthew black
network services
california state university, long beach


Re: Abuse procedures... Reality Checks

2007-04-07 Thread Matthew Black


On Sat, 7 Apr 2007 20:41:19 -0500 (CDT)
 Robert Bonomi [EMAIL PROTECTED] wrote:
BLUNT QUESTIONS:  *WHO*  pays me to figure out 'which parts' of a provider's
network are riddled with problems and 'which parts' are _not_?  *WHO* pays
me to do the research to find out where the end-user boundaries are? *WHY*
should _I_ have to do that work -- If the 'upstream provider' is incapable of
keeping _their_own_house_ clean, why should I spend the time trying to figure
out which of their customers are 'bad guys' and which are not?

A provider *IS* responsible for the 'customers it _keeps_'.

And, unfortunately, a customer is 'tarred by the brush' of the reputation
of its provider.



Um, with that reasoning, why not just block the whole /0 and
be done with it?

Seriously, I used to share your frustration and would block large
swaths of the Internet for rather minor offenses. I finally realized
this practice didn't help. Why not get yourself some sort of intrusion
detection/prevention system or fully firewall your hosts. If you have
a spam problem, get an e-mail security appliance which uses reputation
filtering to reject connections?

matthew black
california state university, long beach


Re: Blocking mail from bad places

2007-04-05 Thread Matthew Black


On Thu, 5 Apr 2007 14:01:10 -0700
 Ken Simpson [EMAIL PROTECTED] wrote:

James R. Cutler [05/04/07 16:30 -0400]:
Todd makes my point exactly.  As he notes, the rejection message
tells me that the message was rejected by some system.  It does not
tell me why it was rejected.  Thus, just like this message, it adds
more to the noise to signal ratio!


Has anyone ever thought of standardizing the 500-responses from the
DATA phase? For instance, maybe 571 could always mean rejected
because of the spam filter.

If there was a standard for these response codes then maybe clients
like Microsoft Outlook could do something useful with the error
message.

Regards,
Ken



I had a good chuckle after reading your message. It's a great
suggestion BUT... Microsoft products already ignore 5xx responses.
From what I've seen, Outlook and Exchange will indefinitely retry
a message after receiving a 5xx error. Outlook keeps the message in
the user's PersonalFolders/Outbox for subsequent delivery attempts
when you hit Send/Receive. We've seen lots of clients here attempt
to send the same message every minute for weeks when the message
exceeds our message size restrictions.

Have they recently fixed this or released patches for all
older product versions?

Best regards,

matthew black
network services
california state university, long beach
1250 bellflower boulevard
long beach, ca  90840-0101


Re: Blocking mail from bad places

2007-04-04 Thread Matthew Black


On Wed, 4 Apr 2007 08:46:33 -0700
 Ken Simpson [EMAIL PROTECTED] wrote:
[...snip]

Captchas apparently help quite a bit to stem this kind of problem
because they install a technical barrier that, while not impossible to
break through programmatically, at least delays things a bit and
reduces the ROI for the spammer.

Regards,
Ken

--
Ken Simpson, CEO
MailChannels Corporation
Reliable Email Delivery (tm)
http://www.mailchannels.com


Captchas are all fine and dandy but they are not ADA compliant
and certainly a no-no for government or public agencies. Don't
believe me? Accessibility issues (Section 508) will be the next
Y2K obstacle for IT folks because all of our future software
purchases require that the software is accessible. Within the
next 18 months we'll have to provide a VPAT
[example: http://www.section508.nasa.gov/vpat3.htm] for all
software purchases. If your company doesn't know about these
yet kiss goodbye to all your government customers.

As for catching spam and viruses we gave up on open-source
solutions a long time ago in favor of IronPort appliances.
These products negate almost 100% of your effort in maintaining
greylists or rulesets. You have plenty of choices out there with
very different approaches and you can bet the top-tier companies
like MailChannels, IronPort, and Mirapoint (among others) have
something to make your life easier.


matthew black
network services
california state university, long beach
1250 bellflower boulevard
long beach, ca  90840-0101


Re: Blocking mail from bad places

2007-04-04 Thread Matthew Black


On Tue, 03 Apr 2007 19:39:55 -0400
 [EMAIL PROTECTED] wrote:

On Tue, 03 Apr 2007 15:18:36 PDT, Scott Weeks said:
What I meant was: when only a few folks use email, the spammers will go away.


They won't go away, they'll just go infest whatever the people are using.
We're already seeing significant amounts of blog-comment spam, and as soon
as the spammers find a good methodology, they'll be Myspace and YouTube
spam (if they aren't already)



MySpace and blog spamming can be cured instantly if users required
all public posts to be moderated rather than automatically accepted.

Many people see blogging as analogous to newspaper publishing. If
you want to be a newspaper publisher, you also need an editor to
review content printed in your paper (posted to your blog). I've posted
to the Washington Post blogs and their on-line folks read and review
each and every post to keep out the spam. Sure it's expensive, but
that's the price for quality forums. If you leave a blank canvas for
all to use, the taggers will come.

As for YouTube spamming...well, that's like classified advertising.
Some people will pay for big bold spots and some people can only
afford a two-line ad. If you want to give everyone the opportunity
to post for free, you have to accept the garbage. Do you want a
content editor to ensure policy compliance or let it be open to
all who come?

matthew black
network services
california state university, long beach
1250 bellflower boulevard
long beach, ca  90840-0101


Re: who was the last legit spammer?

2007-01-29 Thread Matthew Black


On Sun, 28 Jan 2007 09:30:09 -0500 (EST)
 Jon Lewis [EMAIL PROTECTED] wrote:


On Sun, 28 Jan 2007, Travis H. wrote:


Hey, was discussing something from the long distant past recently.
Specifically it was my memory of the last legitimate spamhaus,
and how (IIRC) their backbone was DDoS'd as an act of pseudo-vigilante
justice.  I also seem to remember their backbone as spinning it
as a content-neutral free-speech kind of thing, but they buckled
and the Internet was probably better off.


Legit spammer?  Perhaps you're thinking of Sanford Wallace's cyberpromo and AGIS?


http://www.cctec.com/maillists/nanog/historical/9710/msg00018.html



Canter & Siegel's Green Card spam? I think they were the first
wide-spread spam. Anyone recall the year/date? I'm thinking 1993.

matthew black
network services
california state university, long beach


Re: HTML email, was Re: Phishing and BGP Blackholing

2007-01-18 Thread Matthew Black


On Wed, 17 Jan 2007 19:38:14 -0600
 Travis H. [EMAIL PROTECTED] wrote:
[...snip]

The domain name system has enough problems (is mazdausa.com really related
to mazda.com?) without involving javascript and ActiveX, but they could be
corrected with proper education (how about keeping every URL under one
second-level domain related to your company, perhaps companyname.com)


This presupposes that corporations have a more significant claim
to domain names than individuals. Does anybody recall the fiasco
between ETOY.COM and ETOYS.COM? The former was created by an artist
years before the now defunct toy retailer. ETOYS' corporate bullying
took away the artist's longstanding domain claiming it might confuse
consumers.

Proper education cannot be achieved ever. Who should have the
rights to MCDONALDS.COM or FORD.COM? A large multinational
corporation or the entity which set-up an on-line presence first?
Assuming here that someone isn't domain squatting or abusing
trademarks, for example, FORD's hamburger company advertising
automobiles. Trademarks in themselves do not grant domain rights,
just exclusive use of a name as a PARTICULAR type of business.
That is the real problem.

Phishing problems will not be corrected without multinational
government cooperation (which I fear for other reasons) because
the problems cross territorial borders. I received a clever
phishing attempt from Chase Manhattan Bank directing me to
the domain chaserewards.com. This is more a matter of companies
informing their customers which domain names are valid.

/RANT

matthew black
network services
california state university, long beach


Contact for THEPLANET.COM

2006-10-20 Thread Matthew Black


Does anyone have a contact for THEPLANET.COM beyond
their WHOIS listing? We are receiving 20,000 spam per
day from one of their customers and they aren't very
responsive. I'd rather get beyond first-line support
before blocking a large swath 67.18.0.0/15.

matthew black
e-mail postmaster
california state university, long beach


Re: Contact for THEPLANET.COM

2006-10-20 Thread Matthew Black


On Fri, 20 Oct 2006 20:42:40 +0530
 Suresh Ramasubramanian [EMAIL PROTECTED] wrote:


They've been bought by ev1.net a few months back.  And ev1.net has a
quite usable rwhois server (and their abuse desk does work, as it
happens)

srs

On 10/20/06, Matthew Black [EMAIL PROTECTED] wrote:


Does anyone have a contact for THEPLANET.COM beyond
their WHOIS listing? We are receiving 20,000 spam per
day from one of their customers and they aren't very
responsive. I'd rather get beyond first-line support
before blocking a large swath 67.18.0.0/15.




Thanks to all who contacted me off-list. I know some
of this is usually discussed on the botnets forum.
Getting rid of spammers is a cooperative effort and
often the hosting ISPs (NANOG members) are also victims.

matthew black
california state university, long beach


Re: Broadband ISPs taxed for generating light energy

2006-10-10 Thread Matthew Black


A rather humorous article from a rhetorical perspective.
The reporter emphasizes the innocence of generating light
while ignoring its commercial aspects. Those light pulses
are very valuable to recipients. This tax seems to parallel
the U.S. Federal Excise Tax on photons and electrons
(i.e., telephone service). I don't see anything unusual here
other than a weak argument against taxing authority.

If you want to argue against the concept of taxation, be my
guest. But let's not obfuscate the real issue here. Tax
evasion often results in assessment of huge penalties. Just
ask Spiro Agnew or Al Capone.

This is news?

matthew black
california state university, long beach



On Tue, 10 Oct 2006 19:58:13 +0530
 Suresh Ramasubramanian [EMAIL PROTECTED] wrote:


.. because they provide internet over fiber optic cables, which work by sending
pulses of light down the cable to push packets ..

http://www.hindu.com/2006/10/10/stories/2006101012450400.htm

So they get slapped with tax + penalties of INR 241.8 million.




Broadband providers accused of tax evasion

Special Correspondent

Commercial Tax Department serves notice on Airtel

# Firms accused of evading tax on sale of `light energy'
# Loss to State exchequer estimated at Rs. 1,200 crore

Bangalore: The Commercial Tax Department has served a notice on Airtel, owned
by Bharti Televentures Ltd., seeking payment of Rs. 24.18 crore as tax,
interest and penalty for the sale of `light energy' to its customers for
providing broadband through optical fibre cables (OFC).

The department has been investigating alleged tax evasion by OFC broadband
providers, both in the public and private sectors, for selling light energy to
customers. While the assessment on Airtel was completed and a notice issued to
it for alleged tax evasion during the year 2005-06, no assessment has been
concluded on other OFC broadband providers, A.K. Chitaguppi, Deputy
Commissioner of Commercial Taxes, said. Other OFC broadband providers facing
tax evasion charges are public sector BSNL and private sector VSNL, Reliance,
Tata Teleservices and Sify.

The Commercial Tax Department has estimated a loss of Rs. 1,200 crore to
the State exchequer in this regard since OFC broadband providers have been
operating in the State for several years.

Mr. Chitaguppi said that OFC operates on light energy, which is artificially
created by the OFC providers and sold to customers for the purpose of data
transmission and information, on the OFC broadband line. Without such energy,
data or information cannot be transmitted.

Whoever sells light energy is liable to pay VAT as it comes under the category
of goods, and hence its sale constitutes taxable turnover attracting VAT at
12.5 per cent, he said.

Bharti Televentures had approached the Karnataka High Court seeking to quash
the demand notice, but failed to get a stay when the case was heard by Justice
Shantanu Goudar on September 1. The judge rejected Bharti's plea seeking issue
of an injunction against any initiatives from the Commercial Tax Department on
the recovery of the tax.

Bharti Televentures had contended in the High Court that re-assessment orders
passed by State tax officials and the issue of demand notice was not valid as
the disputed activity fell under the provision of service tax levied by the
Union Government and did not attract VAT. The High Court is expected to take up
the case for hearing again in the next few days.

`Business venture'

The Commercial Tax Department has argued that the OFC broadband operators are
running a business venture after investing thousands of crores to put in place
a state-of-the-art set-up to artificially generate light energy and supply it
to its customers for their data transmission work. The characteristics of the
light energy constitute a moveable property, which has to be categorised as
`goods' as per the norms laid down by the Supreme Court. In the process of
data transmission, other than light energy, no other elements are involved and
the customers are paying for the same. This proves that light energy
constitutes goods, which is liable for levy of tax. Therefore, the State has
every legal competence and jurisdiction to tax it, the department has
contended.

It has taken serious note of the non-payment of taxes by the broadband service
providers. Reporting a turnover and then claiming exemption is one thing. But
some of the OFC operators don't even report their turnovers, Mr. Chitaguppi
alleged.


Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Matthew Black


On Wed, 09 Aug 2006 15:59:52 +0200
 Jeroen Massar [EMAIL PROTECTED] wrote:

On Wed, 2006-08-09 at 09:50 -0400, Mills, Charles wrote:

I think if such a thing would exist, the verification gifs to prevent
automated free yahoo and hotmail account signups would be defeated as
well.


You mean Captcha (http://en.wikipedia.org/wiki/Captcha)

Which is not so much of an issue:
http://sam.zoy.org/pwntcha/



Use of captchas has serious accessibility issues:
visually-impaired users will have trouble completing forms.
From a legal standpoint, this is a no-go and most definitely
not possible for any government or public-sector agency in
the United States. Several web accessibility regulations
prohibit impairments.

matthew black
network services
california state university, long beach
1250 bellflower boulevard
long beach, ca  90840-0101


Re: ISP wants to stop outgoing web based spam

2006-08-09 Thread Matthew Black


On Wed, 9 Aug 2006 18:11:47 +0300 (IDT)
 Hank Nussbacher [EMAIL PROTECTED] wrote:
[original message edited for brevity--m.black]


Based on my stats from Spamcop, 60% of all outgoing spam is http based 
rather than smtp based.  Others may have slightly higher or lower numbers.


So, is there any magic fu out there to solve this?

Thanks,
Hank Nussbacher
http://www.interall.co.il



Maybe I'm just an ignorant e-mail postmaster. I thought that
nearly all e-mail was (E)SMTP-based (LMTP excepted).

If it doesn't use the SMTP protocol, it's not reaching any
mailbox. HTTP is a web browser protocol. WebMail gets converted
by the web server and is subsequently routed using SMTP.

matthew black
network services
california state university, long beach
1250 bellflower boulevard
long beach, ca  90840-0101


Re: AOL Mail Problem

2006-07-28 Thread Matthew Black


On Thu, 27 Jul 2006 09:28:24 -0700
 chuck goolsbee [EMAIL PROTECTED] wrote:
[original message edited for brevity--m.black]

The fatal flaw in AOL's feedback system is that it is user-generated, and 
users will classify virtually anything as spam. It is actually quite 
entertaining to skim the scomp feed... ecommerce confirmation/shipping 
notifications, mailing lists they subbed themselves to, personal 
correspondence(!), etc. I have heard that the AOL mail UI puts the report 
as spam button right next to the delete button, which perhaps accounts 
for the error rate which (at least in our case) exceeds 96%.



I get the AOL feedback for my university and am also quite
amused what their customers consider as spam:

   - Notification of acceptance of admission to the university
   - Notification of financial aid award
   - Personal replies from campus faculty to students
   - Confirmation of employment application submission

Someone told me that it's probably a careless error when users
make these mistakes. However, my friend has AOL and when I looked
at his client, the Submit Spam menu choice was nowhere near Delete.

I have to agree with a poster who claimed e-mail is as dead as
citizen's band radio. I better plan for alternative employment.

matthew black
california state university, long beach


Re: AOL 421 errors

2006-05-04 Thread Matthew Black


On Thu, 4 May 2006 10:47:28 -0700 (PDT)
 Matt Ghali [EMAIL PROTECTED] wrote:


On Wed, 3 May 2006, Joe Maimon wrote:


COUNTER-RANT
You know, people say things like this a lot. It's not relevant. What is
relevant is how AOL is supposed to know that

a) the email considered for rejection is actually wanted
b) and wanted by AOL employees themselves

And if they did know how to accurately determine that, we wouldn't be having
this discussion.


The irony here of course, is that Matt Black's systems can't even tell if
they want the mail until _after_ they accept it- but that's a feature, and
AOL's in-transaction softfails are evil. Or something.


matto

[EMAIL PROTECTED]darwin
  Moral indignation is a technique to endow the idiot with dignity.
- Marshall McLuhan



Nothing beats an ad hominem attack, huh?  The irony here is that
your message contains that tribute to the media critic.

Now, it seems you are suggesting that my e-mail servers hold back
on final accept until a message gets delivered to a remote AOL server.
Did I misread the above message?

For what it's worth, I received a very nice e-mail and had an
extended telephone conversation with a third-tier support
manager from AOL. They do respond and that's why I placed my
original post on this thread. I've found that honey is usually
more effective than vinegar (that's a metaphor).

matthew black
network services
california state university, long beach


AOL 421 errors

2006-05-03 Thread Matthew Black


We've noticed a surge in 421 e-mail errors from AOL.

Message soft bounced for '[EMAIL PROTECTED]', '4.3.2 - Not accepting messages at 
this time ('421', [': (DYN:T1) 
http://postmaster.info.aol.com/errors/421dynt1.html', 'SERVICE NOT 
AVAILABLE']) []'


It seems as though they've tightened down their policies.
We're pretty good at preventing spam with our IronPort
anti-spam gateways and internal policies.

We've also subscribed to their FBL notification service.
I'm surprised at the types of messages AOL customers consider
as spam. Anything and everything: university admission acceptance
notices; instructor class assignments; photos from friends; etc.

matthew black
california state university, long beach


Re: Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]

2006-04-13 Thread Matthew Black


On Wed, 12 Apr 2006 18:56:44 -0700 (PDT)
 Steve Thomas [EMAIL PROTECTED] wrote:



How does one properly report delivery failure to a guerrilla spammer?


If you accept the message, you can presumably deliver it. In this day and
age, anyone accepting mail for a domain without first checking the RCPT TO
- even (especially?) on a backup MX - should have their head examined. In
the event that the RCPT TO is valid but the message truly can't be
delivered for some other reason,


In this day and age it is not always possible to check for valid
addresses at a border SMTP gateway. Sites have multiple legacy
systems which are not very interoperable. Some e-mail gateways
are incapable of scanning messages in-line. How does that make
the gateway junk or the system administrator an idiot or
incompetent?


you should bounce the message and fix the problem.


This is advocating collateral damage because nearly all spam
and viruses have return paths which falsely implicate innocent
victims (i.e., blowback). Users don't want it delivered or dropped
in their junk folder; most wouldn't know what to do with a junk
folder.


E-mail systems require investments in the 100s of thousands of
dollars, not some Windows PC running Linux. The largest part of
the cost equation is personnel and training, not hardware.

Large organizations like ours shy away from open source software
in many situations NOT because it's open source. We opt for
commercial solutions so employees, like me, can take vacation
and know that other employees can handle problems and let me
enjoy my vacation without carrying a pager (unless you think
it's cool to be tethered to your job 24/7 with a Blackberry).

Dogmatic adherence to a literal reading of every RFC is
impractical. When my organization decided to drop BrightMail
positively-identified spam, we accepted a FP rate of less than
one in a million as a good thing, fully aware that this violated
RFC 821.

I used to love sendmail but recommended our organization drop it.
Sendmail's queue processing algorithm was (is?) hopelessly broken
and delayed e-mail for hours or just discarded it after five days
because sendmail couldn't properly prioritize the queue.

With our IronPort C60 gateway, almost all e-mail is processed
sub-second, users don't see positively-identified spam, and
viruses and phishing attempts are a thing of the past. Should
I no longer be able to perform my duties, for whatever reason,
our e-mail system will continue running and someone else can
take on my responsibilities with a tiny learning curve. No
worries about whether SpamAssassin got its update. No worries
about whether ClamAV will be running next month. No worries
about system outages during complicated open-source software
upgrades, even for a few minutes. Unless you feel those are OK.

Ask yourself this question: can your organization survive a loss
of its entire technical staff? Would new employees be able to
manage your systems or would chaos result?

matthew black
california state university, long beach


Re: Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]

2006-04-12 Thread Matthew Black


Several people kindly contacted me off list with laborious
explanations of how to implement delayed 550 rejections using
sendmail, et al. We gave up sendmail years ago in favor of a
competing solution.

I haven't seen any succinct justification for providing a
550 message rejection for positively-identified spam versus
silently dropping the message. Lots of how-to instructions
but no whys.

matthew black
california state university, long beach


Re: Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]

2006-04-12 Thread Matthew Black


On Wed, 12 Apr 2006 20:30:16 +0530
 Suresh Ramasubramanian [EMAIL PROTECTED] wrote:


On 4/12/06, Matthew Black [EMAIL PROTECTED] wrote:


I haven't seen any succinct justification for providing a
550 message rejection for positively-identified spam versus
silently dropping the message. Lots of how-to instructions
but no whys.



For viruses - fine.  But you are not going to find any spam filter in
the world that doesn't have false positives.  And in such cases it's
always a good idea to let the sender know his email didn't get through.


Agreed, but we're willing to live with an error rate of less
than one in a million. This isn't a space shuttle. I don't think
the USPS can claim 99.% delivery accuracy. Nonetheless, to
allay worries, we are considering spam quarantines to allow
recipients an opportunity to review spam messages themselves, much
like Yahoo! Mail.


Complaints about e-mail not getting through won't be solved
with a 550 versus silently dropping spam because most users aren't
willing to sift through e-mail errors to find the specific cause
for delivery failure. Members of this list are a rare exception.



Like for example - you see a large webmail provider whose hosts and
domains keep getting forged into spam, misread the headers and block
that provider.  In such cases, it's your users who aren't getting a lot
of valid email from their friends and relatives who are using that
provider, and 550'ing instead of trashing email saves the senders, and
their provider, quite a lot of time that'd otherwise be spent
troubleshooting the issue.

Plus, 5xx smtp rejects tend to save your bandwidth a bit compared to
accepting the entire email (not that it matters on a small university
domain where your userbase is going to be fairly small, and bandwidth
available quite generous ..  but for larger sites, or sites with
bandwidth issues, that's definitely a concern)


We already reject most connections with a 550 or TCP REFUSE
based on reputation filtering and blacklists, et al.

Where is the bandwidth savings once we've accepted an entire message,
scanned it, determined it was spam, then provided a 550 rejection
versus silently dropping?

matthew black
california state university, long beach


Re: Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]

2006-04-12 Thread Matthew Black


On Wed, 12 Apr 2006 21:12:44 +0530
 Suresh Ramasubramanian [EMAIL PROTECTED] wrote:

On 4/12/06, Matthew Black [EMAIL PROTECTED] wrote:


Where is the bandwidth savings once we've accepted an entire message,
scanned it, determined it was spam, then provided a 550 rejection
versus silently dropping?


If you can scan it inline, you can stop, issue a 550 and drop the SMTP
connection any time you want.  Like for example, midstream when you
discover a fake header pattern.

You'd start with whatever can be rejected in session - fake HELOs,
blocklist listed IPs, random faked headers,  dodgy attachment types
that are more likely to be viruses than not

Then apply the heavier and more cpu intensive filters later, on a much
smaller volume of spam


We already do this.

 

Maybe not all that much of a bandwidth / cpu saving, but saving remote
postmasters the hassle of troubleshooting lost email is always a good
idea.


After all said methods have been performed and the message gets
through reputation filtering; blacklists; forged/munged headers,
e-mail addresses, domain names the message comes in and then
there's that final dot. Up to this point, the message hasn't
proven to be spam until it can be scanned using BrightMail,
SpamAssassin, Bayesian filters, DCC lists, or other methods.
All I'm saying is that once the full DATA submission has completed,
there's no bandwidth savings from silently dropping the message
versus providing a 550 rejection. In the best of all worlds,
it would be nice to give feedback. No system is perfect and a
false-positive rate of less than one in a million 220 accepted
messages seems pretty small.

matthew black
california state university, long beach
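
The three dispositions argued over in this thread for a message that is only identified as spam after the final dot (550 at end of DATA, accept and silently drop, accept and bounce), modelled as an added example that is not part of the original posts. The `Gateway` class, the marker-based scanner, the 554 reply for blocklisted peers, and all addresses and IPs are constructed for illustration.

```python
from dataclasses import dataclass, field

SPAM_MARKER = "X-Constructed-Spam-Test"  # stand-in for a real content scanner


def looks_like_spam(body_lines):
    """Hypothetical scanner: only usable once the whole body has arrived."""
    return any(SPAM_MARKER in line for line in body_lines)


def addr(arg):
    """Extract the address from 'FROM:<a@b>' or 'TO:<a@b>' ('' = null sender)."""
    return arg.partition(":")[2].strip().strip("<>").lower()


@dataclass
class Gateway:
    policy: str                                  # "reject" | "drop" | "bounce"
    valid_rcpts: set
    blocklist: set = field(default_factory=set)
    delivered: list = field(default_factory=list)
    discarded: list = field(default_factory=list)
    bounces_sent: list = field(default_factory=list)  # DSNs this gateway originates

    def session(self, peer_ip, client_lines):
        """Run one SMTP session and return the replies the connecting peer sees."""
        if peer_ip in self.blocklist:            # cheapest check, before any data
            return ["554 connection refused by policy"]
        replies = ["220 gw.example ESMTP"]
        sender, rcpts, body, in_data = None, [], [], False
        for line in client_lines:
            if in_data:
                if line != ".":                  # undo dot-stuffing, keep reading
                    body.append(line[1:] if line.startswith("..") else line)
                    continue
                in_data = False
                replies.append(self._end_of_data(sender, rcpts, body))
                sender, rcpts, body = None, [], []
                continue
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb in ("HELO", "EHLO"):
                replies.append("250 gw.example")
            elif verb == "MAIL":
                sender = addr(arg)
                replies.append("250 sender ok")
            elif verb == "RCPT":
                if addr(arg) in self.valid_rcpts:
                    rcpts.append(addr(arg))
                    replies.append("250 recipient ok")
                else:                            # in-session reject, no bounce needed
                    replies.append("550 no such user")
            elif verb == "DATA":
                in_data = bool(rcpts)
                replies.append("354 end data with <CR><LF>.<CR><LF>" if rcpts
                               else "503 need RCPT first")
            elif verb == "QUIT":
                replies.append("221 bye")
                break
            else:
                replies.append("502 command not implemented")
        return replies

    def _end_of_data(self, sender, rcpts, body):
        """The decision point of the thread: the reply to the final dot."""
        if not looks_like_spam(body):
            self.delivered.append((sender, tuple(rcpts)))
            return "250 message accepted"
        if self.policy == "reject":
            # Peer is still connected, so it learns of the failure directly.
            return "550 message rejected as spam"
        if self.policy == "bounce" and sender:
            # Accept, then mail a DSN to the envelope sender, which spam forges.
            self.bounces_sent.append(sender)
        else:
            self.discarded.append((sender, tuple(rcpts)))
        return "250 message accepted"


# Constructed sample session: spam with a forged envelope sender.
SPAM_SESSION = [
    "EHLO bot.example",
    "MAIL FROM:<victim@innocent.example>",
    "RCPT TO:<student@campus.example>",
    "DATA",
    "Subject: constructed sample",
    "",
    SPAM_MARKER + ": yes",
    ".",
    "QUIT",
]


def outcome(policy, session=SPAM_SESSION, peer_ip="192.0.2.10"):
    """Who hears about the rejection under each policy."""
    gw = Gateway(policy, valid_rcpts={"student@campus.example"},
                 blocklist={"198.51.100.7"})
    replies = gw.session(peer_ip, session)
    return {"codes": [r[:3] for r in replies],
            "bounced_to": list(gw.bounces_sent),
            "discarded": len(gw.discarded),
            "delivered": len(gw.delivered)}


if __name__ == "__main__":
    for p in ("reject", "drop", "bounce"):
        print(p, outcome(p))
```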


Re: Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]

2006-04-12 Thread Matthew Black


On Wed, 12 Apr 2006 14:18:24 -0400
 [EMAIL PROTECTED] wrote:

On Wed, 12 Apr 2006 10:16:53 PDT, Steve Thomas said:


 I haven't seen any succinct justification for providing a
 550 message rejection for positively-identified spam versus
 silently dropping the message. Lots of how-to instructions
 but no whys.

RFC 2821?

  ...the protocol requires that a server accept responsibility
  for either delivering a message or properly reporting the
  failure to do so.


Your statement is open to multiple interpretations. I argue that
anytime our system identifies a message as spam that it gets
delivered to the system bit bucket.

RFC-821 and netiquette also mandate e-mail be properly addressed.
System manufacturers and administrators make compromises because
strict adherence to the rules is not always possible from an
operational perspective.

 

Elsewhere in 2821 (6.1, to be specific):

  When the receiver-SMTP accepts a piece of mail (by sending a 250 OK
  message in response to DATA), it is accepting responsibility for
  delivering or relaying the message.  It must take this responsibility
  seriously.  It MUST NOT lose the message for frivolous reasons, such
  as because the host later crashes or because of a predictable
  resource shortage.


Lost me on that part about crashes being frivolous reasons.
This is a political statement not an indisputable matter of fact.


OK? Got that? You '250 OK' it, you got a *serious* responsibility.  Losing the
message because the whole damned machine crashes is considered a frivolous reason.


And throwing it away because you don't like the way it looks is OK?  Man,

...***

you're in for some severe karmic protocol payback down the road... ;)


I'm not the one throwing them away and never look at them; watch
the finger wagging. And thanks for the karma heads up, Buddha.

matthew black
california state university, long beach


Re: Spam filtering bcps

2006-04-12 Thread Matthew Black


On Wed, 12 Apr 2006 14:28:59 -0500 (CDT)
 Bryan Bradsby [EMAIL PROTECTED] wrote:



Silently deleting other people's e-mail should never even be considered.


Unless that email is a virus, or a spam with a forged envelope sender.

-bryan bradsby



Aha, so there are situations where this is acceptable?
What about deleting viral attachments or altering subject
lines...is that permissible? The sweeping generalizations
I've read leave little room for responding to real-world
situations.

matthew black
california state university, long beach


Re: Open Letter to D-Link about their NTP vandalism

2006-04-11 Thread Matthew Black


On Mon, 10 Apr 2006 23:23:06 -0700 (PDT)
 Matt Ghali [EMAIL PROTECTED] wrote:


On Tue, 11 Apr 2006, Simon Lyall wrote:


Everyone here runs spam filters. Many times a day you tell a remote MTA
you've accepted their email but you delete it instead. Explain the
difference?


Hold on there. What you are describing is evil and bad, and I certainly 
hope everyone does not do that.


When I do not wish to accept a message, I do not accept it, rejecting with 
an SMTP permanent delivery failure.


Don't mean to go off on a tangent, but accepting and then silently 
discarding mail is a terrible idea.


matto



Are you suggesting that we configure our e-mail servers to notify
people upon automatic deletion of spam? Frequently, spam cannot be
properly identified until closure of the SMTP conversation and that
final 200 MESSAGE ACCEPTED...or do you think that TCP/IP connection
should be held open until the message can be scanned for spam and
viruses just so we can give a 550 MESSAGE REJECTED error instead of
silently dropping it?

Because most spam originates from a bogus or stolen sender address,
notification creates an even bigger problem. What's next: asking for
permission to hang up on telemarketers?

matthew black
network services
california state university, long beach


Re: Sober

2005-12-02 Thread Matthew Black



On Fri, 02 Dec 2005 19:09:23 -0500
 Jim Popovitch [EMAIL PROTECTED] wrote:


Joseph S D Yao wrote:

Why would anyone not trolling for viruses use MS mail products, Chris?


Because they are forced or told to by their MIS department? Sometimes 
the blind do lead the blind...and the blind follow (who's leading?)  :-)


It's also worth pointing out that MS mail products generally include a lot 
more functionality than just email.  Calendaring and workflow are in high 
demands.  Give MIS departments a better product and they will use it.


-Jim P.



What makes MS products so wonderful is they include much more
functionality than many other products.

What makes MS products so horrible is that they add functionality
by making users' systems vulnerable to security threats under
the guise of helpfulness (e.g., VB scripting, auto preview in
Outlook).


We too saw a large surge in e-mail bounces hitting our site.
Our IronPort e-mail gateways are configured to drop virus-laden
and undeliverable messages rather than bounce them to
the victimized from sender.

Why Fortune-500 e-mail administrators cannot figure out this
one is confounding. How about a nice article in WSJ, Fortune,
or Forbes which lists the companies with misconfigured systems
so investors are informed as to the IT infrastructure of their
investments?

If you're not part of the solution, you're part of the problem.

matthew black
california state university, long beach


Verizon telco outage in LongBeach, CA

2005-10-18 Thread Matthew Black



Verizon California is reporting a loss of local
telephone service in Long Beach, California. Calls
into and out of the area are not possible. They are
advising citizens to use their wireless carriers
for 911 service. As 911 calls are connected to the
CA Highway Patrol here, that could delay emergency
response times quite significantly.

matthew black
california state university, long beach


Re: Verizon outage in Southern California?

2005-10-18 Thread Matthew Black



On Tue, 18 Oct 2005 08:48:50 -0700 (PDT)
 Jay Hennigan [EMAIL PROTECTED] wrote:


We lost connectivity to a number of customers in the Los Angeles and
Long beach area and the local AM radio news stations are talking about
some major telephone issues regarding Verizon.

Anyone have more information?  It seems to have started around 02:30
local time this morning.



Yup, the news is true. We have lost outside telephone service
at CSU Long Beach to all but Verizon customers connected to
our local central office. Newspapers are reporting that the
outage began Tuesday around 2:30 a.m. local time and is affecting
a wide area including Long Beach, Huntington Beach, Laguna Beach,
Artesia, Downey, Bellflower and Westminster (not a complete list).

Search for details.

http://news.google.com/nwshp?hl=entab=wnq=verizon%20long%20beach

matthew black
california state university, long beach


Re: Verizon outage in Southern California?

2005-10-18 Thread Matthew Black



On Tue, 18 Oct 2005 12:59:37 -0700
 Steve Sobol [EMAIL PROTECTED] wrote:


Olsen, Jason wrote:

Anyone have more information?  It seems to have started around 02:30 local 
time this morning.


We lost connectivity (WAN/Internet/POTS) to our Long Beach site at
around 2:27 AM PDT today.  Several news agencies are reporting it on the
web (hooray news.google.com), citing mechanical glitches or bad
weather.


Bad weather could definitely be a factor.

Southern Cali electric utilities are notoriously unreliable during bad 
weather, especially up in my neck of the woods. It's been raining pretty 
steadily here for the past two days; I drove 150 miles from Apple Valley to 
northeast San Diego this morning and it was even raining down here in SD -- 
may still be raining now, I just haven't looked outside. I even heard a 
radio report that a funnel cloud touched down in the foothills outside Los 
Angeles; I forget exactly where. (That doesn't happen very often around 
here.)



While weather in Southern California may affect your electricity,
it has only a minor effect in the Long Beach area. Monday evening's
storm was fairly mild with winds under 10 MPH and less than a half
an inch of rain overnight. Not what I would consider a heavy storm.

Rains do cause telco data problems. When I had dial-up, my maximum
rate dropped from about 45K to 37Kbps during and for a day or two
following rain.

Telephone service is beginning to be restored in the Long Beach
area but is still sporadic.

Around 2:20 or 2:30 a.m., I was awoken by my clock radio with
three or more sets of soft buzzing noises--as though a radio
station went silent. I checked my cordless phone and had
dialtone, then went back to sleep. Is there any correlation?

matthew black
e-mail postmaster
california state university, long beach


Re: Verizon outage in Southern California?

2005-10-18 Thread Matthew Black




Around 2:20 or 2:30 a.m., I was awoken by my clock radio with
three or more sets of soft buzzing noises--as though a radio
station went silent. I checked my cordless phone and had
dialtone, then went back to sleep. Is there any correlation?



I guess my posting wasn't clear. The radio portion of my
clock radio was completely off. The clock was working and the
alarm was set for 5:50 a.m. to turn on the radio.

My cordless phone sits adjacent to the clock radio. The cordless
phone near my bed is an extension sitting in its charging base
but it is not the base telephone station which is located in
another room and plugged into a POTS line.

During the night, my radio is normally silent. Maybe the noises
that I heard around 2:30 a.m. came from the cordless phone
instead of the clock radio. I just thought it was a coincidence
that I hear strange noises around the same time my local phone
company experiences a major outage.

matthew black
california state university, long beach


Re: Verizon outage in Southern California?

2005-10-18 Thread Matthew Black



On Tue, 18 Oct 2005 15:38:06 -0500
 Olsen, Jason [EMAIL PROTECTED] wrote:


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
Behalf Of Matthew Black

Sent: Tuesday, October 18, 2005 3:13 PM


Telephone service is beginning to be restored in the Long 
Beach area but is still sporadic.


Our ATM WAN link through Sprint came back up around 1345 Central time,
and the two DS1s for the school's Internet service were revived about
fifteen minutes ago (1507 CDT).  They've been rock-solid so something
must be going right out there.

When I called Sprint about any information they might have for the
outage the tech said that the area was down due to a Verizon DACS
failure.  That must have been a spectacular failure, because I'm reading
that it wiped out most everything (
http://www2.presstelegram.com/news/ci_3128087  indicates four tandems
hit?! ) in the area.  The articles are primarily focusing on the impact
to E911 services, followed with the hit to POTS lines.  I have yet to
see any mention of impact to data in any of 'em.  Here's what intrigues
me about this outage: if it wiped out E911, most of the POTS and also
impacted data services (as Jay Hennigan and I can attest), how did the
cell towers that are also served by the network live through it?

Jason Feren Olsen  Senior Network Engineer DeVry, Inc



Thanks for the link to the story update. Our OC3C (155 Mbps link)
goes through a place called WestEd (not WestCom) in Seal Beach
which is the headquarters for CENIC, the CA higher education network.
We never saw any data outage for CSULB.

I'm not completely familiar with the telco jargon.
Does Tandem mean the same as a local central office, where
POTS lines terminate at the switch? Long Beach has a population
of 470,000. The C/Os I know of are:

Alamitos at 7th Street and Termino, ZIP 90814

Clark near Clark Ave and Pacific Coast Highway, ZIP 90804

LongBeach at 6th Street and Elm Ave, ZIP 90802

Lakewood at Clark Ave and Connant St, ZIP 90808

LNBHCAXG at 3440 California Ave, ZIP 90807 (for my home)


I have no idea whether cell service was truly affected. The
announcements we sent to our campus suggested people use their
cell phones for 911 service which would be serviced by the
CA Highway Patrol (Erik Estrada, etc.) or a campus telephone
which is serviced by our local campus police (sworn state police).
I was completely unaware of the outage until someone else
mentioned it in my office.

matthew black
california state university, long beach


Re: KVM over IP suggestions?

2005-08-22 Thread Matthew Black



On Mon, 22 Aug 2005 11:15:23 -0400
 Drew Weaver [EMAIL PROTECTED] wrote:

   Howdy, I'm looking for a way to give our remote users access
to their servers, perhaps a KVM-IP solution. What we need is support for
multiple users (more than 2), with access control that limits what users
can connect to what ports on the KVM switch, and would allow you BIOS
level access and os-installation type control over the server, would
also be nice if it worked with windows and linux/unix based systems.

Any suggestions would be helpful.

Thanks,
-Drew



We have a non-IP switch from Raritan and saw presentations on their
IP KVM products. Seemed pretty impressive. One problem you may want
to focus on is screen resolution since the video output must be
converted to IP packets with a lower refresh rate. We're planning
to buy a few of these switches for remote monitoring.

matthew black
california state university, long beach


Re: @Home's 119 domain names up for sale

2005-08-11 Thread Matthew Black



I remember @home.com as being one of the defunct domains for which we
always had outbound e-mail queued.

But exactly how is this bill related to the domain name sale other
than the fact that your press release snippet contains the text
string [EMAIL PROTECTED] Your post doesn't make that clear.

Our government spends money on a myriad of initiatives. Conservatives
like to decry government spending as a total waste of resources.
Keep in mind that every dollar spent by the government goes back
into the economy, whether it be money to the oil industry (ala
the new Energy Bill, money to Halliburton for Iraq operations),
or low-income housing. The point is that the money goes back to
citizens in the form of jobs, subsidized purchases (which help
business sell items and services and create more jobs), or in the
form of tax breaks to extremely wealthy individuals. Contrary to
the rhetoric, the money doesn't vanish down a sinkhole.

matthew black
california state university, long beach

Note: The opinions stated herein represent only myself and other
like-minded individuals and may not represent my employer.


On Wed, 10 Aug 2005 12:09:59 -0500
 Frank Coluccio [EMAIL PROTECTED] wrote:


re: @Home's 119 domain names up for sale

Interesting that you'd bring this up. The federal pork transfer of $1 
Billion that

was announced on Sunday to bridge the digital divide references an
[EMAIL PROTECTED] program as a part of its underpinning.

From: http://press.arrivenet.com/pol/article.php/679032.html

---snip:

LISC/NEF and One Economy Launch $1 Billion Initiative to Bridge the Digital
Divide; Sen. Hillary Clinton Helps Unveil Initiative

Sunday, August 07, 2005

Contact: Leslie Kerns of Solomon McCown  Co., 617-933-5013 or
[EMAIL PROTECTED] or Susan Sheehan of Vogel Communications, 
503-449-1666

or [EMAIL PROTECTED]

NEW YORK, Aug. 7 /U.S. Newswire/ -- Efforts to close the technological gap
between America's haves and have-nots will get a boost this week. Local
Initiatives Support Corp. (LISC) and its subsidiary the National Equity 
Fund
(NEF) are partnering with One Economy to launch [EMAIL PROTECTED], a $1 
billion
initiative that will build more than 15,000 affordable homes with 
high-speed
digital Internet connectivity and provide low-income families personal 
access to
computers and technology services. The initiative expects to connect 
nearly

100,000 people to the vast advantage of the Internet.

---end snip

It makes for some interesting reading for those of you tracking where your 
tax
dollars are going. I'd be interested in reading some comments on this 
initiative,

either on the board or by email.

[EMAIL PROTECTED]

=

On Wed Aug 10 16:44 , Fergie (Paul Ferguson) sent:


   I know this is horribly off-topic, but seeing a reference to
   @Home kind made me a little nostalgic. :-)

   [snip]

   Apparently former high-speed Internet provider [EMAIL PROTECTED]
   once felt likewise. But At Home Liquidating Trust, successor
   to the once high-flying Internet darling [EMAIL PROTECTED], said
   Wednesday it is selling the former broadband company's 119
   domain names.

   [snip]

  
http://news.com.com/ExciteHomes+119+domain+names+up+for+sale/2100-1030_3-5826807.html


Re: Way OT: RE: @Home's 119 domain names up for sale

2005-08-11 Thread Matthew Black



On Thu, 11 Aug 2005 11:57:25 -0500
 Brian Johnson [EMAIL PROTECTED] wrote:



Holy communist manifesto batman!

Let's let the government fix everything. Hold on, hasn't that been tried
already? Oh yeah the USSR. That was a blazing success.

Conservatives generally aren't against the government helping in areas NO
ONE ELSE CAN. It is obvious to everyone involved that the government 
largely
screws up these sorts of initiatives and most of the money ends up 
wasted

anyways. It's these pork projects that kill us.

- Brian J.


Wasted? Please elaborate. It's not like the money vanishes. The money
goes somewhere, usually to pay non-government salaries.
Corporate Amerika is wasteful too: WorldCom, Global Crossing, Enron,
and Halliburton. These are companies that hurt the lives of
millions of Americans, including 40,000,000 citizens of California who
pay double the national average for electricity because Enron gamed the
system. We pay 15 cents per kilowatt! That wasn't completely the
government's fault.

matthew black
california state university, long beach

Note: Opinions expressed are mine and do not necessarily represent
my employer.


AUP for NANOG?

2005-04-14 Thread Matthew Black

Do we have an Acceptable Usage Policy for this NANOG mailing list?
Of late this forum has become a forum for ad hominem rather than a
friendly discussion of technical issues. While I may disagree with
the opinions of others, I wouldn't resort to name calling or belittling.
This reminds me of the way others behaved when I entered the field
some 25 years ago. Some people were very helpful and friendly.
Others responded very arrogantly with the tone of how stupid you
are for asking that question.
If you're so smart, feel free to share your knowledge. It's unnecessary
to belittle someone for asking a question or stating an opinion. The
motivation behind this post is to serve as a reminder of the purpose of
the NANOG forum. Let's return some decorum here.
matthew black
california state university, long beach


Re: Hotmail-- Again??

2005-04-13 Thread Matthew Black

On Wed, 13 Apr 2005 07:18:41 +0530
 Suresh Ramasubramanian [EMAIL PROTECTED] wrote:

On 4/12/05, Matthew Black [EMAIL PROTECTED] wrote:
2. After given a numeric SMTP error response code between 500 and 599
   (also known as a permanent non-delivery response), the sender must
   not attempt to retransmit that message to that recipient.

Microsoft Outlook doesn't follow this rule. Outlook perpetually retries
sending messages which encounter an SMTP permanent error between
500 and 599. How interesting that their on-line e-mail service has
rules that prevent use of the parent company's own products.  8-)

Outlook is not an MTA and it is not going to connect to MSN/Hotmail's
servers to deliver mail.

And Hotmail is run by a rather different group of people than those
that code Outlook.

You missed the point of my message. I am fully aware that Outlook
is an MUA and Hotmail does not let their free customers use MUAs.
Paid Hotmail customers are permitted to use their own MUA.
The point of my original post is that Microsoft owns an on-line
e-mail portal that follows RFC-[2]821 (or is it [2]822) by requiring
connecting systems to obey the 5xx response codes as permanent
failures and never attempt redelivery of the errant message.
Microsoft Outlook and Exchange do NOT understand that 5xx error codes
are permanent and will attempt redelivery, indefinitely in the case of
Outlook.
matthew black
california state university, long beach


Re: Hotmail-- Again??

2005-04-12 Thread Matthew Black

On Tue, 12 Apr 2005 11:13:31 -0400
 Jim McBurnett [EMAIL PROTECTED] wrote:
Hi all,
Please excuse me for any off topic info here, but I can't seem to find
the email that had the details of Hotmail's new blocking policy.
Does someone have the name / # handy for the hotmail help line for
sysadmins?

In researching an answer to your question, I came across the following
information on the MSN website:

   http://advertising.msn.com/adproducts/Email_TechStd.asp

   2. After given a numeric SMTP error response code between 500 and 599
      (also known as a permanent non-delivery response), the sender must
      not attempt to retransmit that message to that recipient.

Microsoft Outlook doesn't follow this rule. Outlook perpetually retries
sending messages which encounter an SMTP permanent error between
500 and 599. How interesting that their on-line e-mail service has
rules that prevent use of the parent company's own products.  8-)
matthew black
california state university, long beach
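
The rule quoted in the two Hotmail posts above (5xx is permanent, so do not retransmit), as an added example that is not part of the original posts: a sending-side sketch that parses SMTP replies, including multi-line ones, and retries only transient 4xx failures. The function names, the retry limit and the sample replies are constructed for illustration.

```python
import re

# One reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
_REPLY_LINE = re.compile(r"^([2-5]\d\d)(?:([ -])(.*))?$")

def parse_reply(raw):
    """Return (code, text) for a possibly multi-line SMTP reply.

    Raises ValueError if a line is malformed, the code changes between
    lines, or the continuation markers do not match the line positions.
    """
    lines = [line for line in raw.splitlines() if line]
    if not lines:
        raise ValueError("empty reply")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is None:
            code = int(m.group(1))
        elif int(m.group(1)) != code:
            raise ValueError("reply code changes between lines")
        is_last = i == len(lines) - 1
        if (m.group(2) == "-") == is_last:
            raise ValueError("bad continuation marker")
        texts.append(m.group(3) or "")
    return code, " ".join(texts)

def disposition(code):
    """Map the final reply code for a recipient to a queue action."""
    if 200 <= code < 300:
        return "delivered"
    if 400 <= code < 500:
        return "retry"      # transient: keep in queue, try again later
    if 500 <= code < 600:
        return "bounce"     # permanent: never resend this message
    raise ValueError(f"unexpected final reply code {code}")

def deliver(replies, max_attempts=4):
    """Walk the server's replies over successive attempts for one recipient.

    Returns (state, attempts_made). A 5xx ends delivery at once; 4xx is
    retried until max_attempts (an assumed limit) is reached.
    """
    for attempt, raw in enumerate(replies[:max_attempts], start=1):
        state = disposition(parse_reply(raw)[0])
        if state != "retry":
            return state, attempt
    made = min(len(replies), max_attempts)
    return ("bounce" if made == max_attempts else "deferred"), made

# Constructed sample replies, not captured from any real server.
GREYLISTED = "451 4.7.1 Try again later\r\n"
REJECTED = "550-5.7.1 Message refused by content policy\r\n550 5.7.1 Do not resend\r\n"
ACCEPTED = "250 2.0.0 Queued\r\n"

if __name__ == "__main__":
    print(deliver([GREYLISTED, ACCEPTED]))   # transient failure, then success
    print(deliver([REJECTED, ACCEPTED]))     # permanent failure stops retries
```
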


Re: National Do Not Call Registry has opened

2003-07-03 Thread Matthew Black

Has anyone noticed an obvious hole in the new DNC Registry?
Anyone can start sending delete requests to remove another
person's phone number from the list.  Since they don't save
anything about the request other than the phone number and
date (see Privacy Policy; they don't collect e-mail or IP
addresses), a devious person could remove your phone number
from the list.  Simply go to the webpage, enter a phone
number and a throw-away address from YAHOO.COM.  After
receiving the confirmation e-mail, simply reply YES.

Why didn't they require delete requests to come only from
the phone as opposed to anonymous web requests?

matthew black
network analyst
california state university, long beach