Re: Dumb users spread viruses

2004-02-09 Thread Mike Jezierski - BOFH



> At 02:46 PM 2/8/2004, Paul Vixie wrote:
>> In this past year's tour of my friends and family, I've taken to removing
>> their antivirus software at the same time I remove their spyware, and I've
>> taken to installing Mozilla (with its IMAP client) as a way to keep the
>> machine from having any dependency on anti-virus software.  IT managers are
>> encouraged to consider a similar move next time they're asked to approve
>> the renewal costs of a campus-wide anti-virus license.
>
> Do you honestly think that any IT manager is going to be successful
> getting an entire company to dump Outlook/Exchange and stop using
> anti-virus software?  Do you have an example (within the North
> American area of interest to NANOG members) where this has actually
> happened?
>
> IMHO, if you can convince an Outlook/Exchange using company to dump
> MS for email, you can convince them to dump MS/Windoze OSs entirely,
> which is a much more complete way to solve this problem.
>
> jc

As much as I respect Paul's opinions, are you sure Mozilla is viable 
as a solution to the virus problem? I still feel it's an OS problem. 
And yes even with Mozilla I still leave the AV software on a client's 
PC. Lusers still like to click on things and having the mail client 
/dev/null attachments is not viable as they want their family to send 
attached pictures of the grandkids.

And JC, yes I am working on getting this company to move from Windows 
to Mac. Windows users know better than to come to me with their 
latest Windows Woes. I gently pat my iMac and say "Gee, I don't have 
that problem" with a Smug BOFH grin :-)

--
Mike Jezierski
[EMAIL PROTECTED]


Re: Lazy network operators - NOT

2004-04-18 Thread Mike Jezierski - BOFH

> So-called "broadband" user populations (cable, dsl, fixed wireless, mobile
> wireless) are full time connected, or nearly so.  They are technically
> unsophisticated, on average.  The platforms they run trade convenience for
> security, and must do so in order to remain competitive/relevant.  Margin
> pressure makes it impossible for most "broadband" service providers to even
> catalogue known-defect customer systems or process complaints about them.
> Those facts are not in dispute.  And so, today, I began rejecting all e-mail
> from all roadrunner, attbi, interbusiness.it, comcast, and rogers customers.
> And as I discover the next several thousand /16's which contain this kind
> of user community I will reject their e-mail also.  MAPS DUL doesn't go
> nearly far enough, nor do any of its lookalikes, not even SORBS DUHL.
> MAPS or SORBS or somebody needs to set up a "BBL" (broad band list) which is
> just a list of "broadband" customer netblocks, with no moral/value judgement
> expressed or implied.  If it's complete and updated frequently, I'd pay for
> a feed because of all the work it would save me personally and in my dayjob.
> (Apropos of JCurran's comments above, it wouldn't matter if netblocks on this
> "BBL" disabled outbound TCP/25, or not, so, they probably just wouldn't, but,
> they probably aren't going to, no matter whether a "BBL" exists or not.)
> The new motto here is: "Blackhole 'em all and let market forces sort 'em out."
> --
> Paul Vixie

As a current subscriber of Road Runner (not by choice - only other 
option is DSL from Screwed By Cowboys) - I think blame is being 
placed in the wrong area. These zombies are all what OS?? Oh yes the 
group of idiots based in Redmond, WA. That is where the true problem 
lies. Fix the damned operating system Micro$haft. If there was a 
blackhole list to block all Windows lUsers it would be more effective 
- granted that would also reduce email down to about 10% of the 
computing population.

No zombies on my Macintosh regards.

--
Michael Jezierski
BOFH - Chief LARTer - Slayer of Spam[mers]
Master of the Clue-By-Four


Re: Lazy network operators - NOT

2004-04-18 Thread Mike Jezierski - BOFH
Yes I was being mostly facetious. But as others pointed out- 
Micro$not is as much to blame for the spam problem as Road Runner and 
CommieCast with their extremely shoddy software. Open proxies, worms, 
relays, spyware ad nauseam.


> I was amused at this and decided to look real quick.. OpenBSD's pf
> can block on OS fingerprints.. effectively doing exactly what you
> are kidding about (at least I'd hope so.. well, maybe) even in the
> man page example they put:
>
> # Do not allow Windows 9x SMTP connections since they are typically
> # a viral worm. Alternately we could limit these OSes to 1 connection each.
> block in on $ext_if proto tcp from any os {"Windows 95", "Windows 98"} \
>   to any port smtp
>
> The OS fingerprint list they have is rather extensive..
>
> :)
>
> Mike Jezierski - BOFH wrote:
>
>> {snipped}
>>
>> the damned operating system Micro$haft. If there was a blackhole
>> list to block all Windows lUsers it would be more effective -
>> granted that would also reduce email down to about 10% of the
>> computing population.
>>
>> No zombies on my Macintosh regards.
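
The pf.conf comment quoted above mentions a second option, limiting these OSes to one connection each. An added illustration of that option follows; it is not from the thread or the pf man page, and it assumes current pf syntax and a placeholder interface name (em0).

```conf
# Added example; the interface name is an assumption.
ext_if = "em0"

# Baseline: accept inbound SMTP from anyone.
pass in on $ext_if proto tcp from any to any port smtp keep state

# Sources whose SYN matches a Windows 9x fingerprint are held to one
# established SMTP connection per source address instead of being blocked.
# pf evaluates rules top to bottom and the last matching rule wins, so
# this rule overrides the baseline for fingerprinted sources.
pass in on $ext_if proto tcp from any os { "Windows 95", "Windows 98" } \
    to any port smtp keep state (max-src-conn 1)

# Caveats: the os match is evaluated only on the initial TCP SYN, and a
# fingerprint is a heuristic. A host can present another OS's SYN
# characteristics, so treat a match as a hint, not as identification.
# List the fingerprints pf knows with: pfctl -s osfp
```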



RE: Port blocking last resort in fight against virus

2003-08-14 Thread Mike Jezierski - BOFH
At 11:40 -0700 8/12/03, Randy Bush wrote:
> > As a larger than average end user and what could
> > be called a small ISP,  I really can not imagine
> > legitimate traffic on 135..
> > who in their right mind would pass NB traffic in the wild?
>
> the days of giving intelligence tests to customers is long gone.
> the job of an isp is to deliver packets.  maybe your customer
> is foolish.  but break their ceo's access and you're their ex-isp.
>
> randy

My experience seems to be that as the ISP we're blamed when the 
subscriber gets a virus, because after all it's our network that 
sent the customer the virus.

-- Mike


Re: Extreme spam testing

2003-12-23 Thread Mike Jezierski - BOFH
At 6:15 +1000 12/23/03, Matthew Sullivan wrote:
> And don't expect a "we want to be blocked so we can discourage the
> use of blacklists" attitude to work anymore.  From us, at best
> you'd get a whitelist entry.  The spamming problem really _is_ that
> bad.
>
> ...and I'll be a very happy man the day I shut down SORBS because
> spam is no longer an issue.  I might get a life then.
>
> / Mat

AMEN Mat !!!

These damned spammers sending out junk to foul up bayesian filtering 
is getting to be too much. Not to mention the latest tactic is to 
sneak IRCbots onto victims' PCs and voila!! Open Proxy.

As long as there is a piece of crap operating system like windblows 
out there that bots and worms can easily compromise, then netblock 
port scans and detections of proxies will be a necessary evil of the 
internet.

I for one, if one of my luser subscribers is discovered with a proxy 
or IRCbot running then I for one would like to know about it.
--
Michael Jezierski
TriLutions Internet Center
BOFH - Chief LARTer - Slayer of Spam[mers]
Master of the Clue-By-Four
+1 (309) 342-7177 x212