RE: How secure should it be? (was RE: password stores?)
Ah, there's the rub. Access has a range from open to closed. The point you choose along that line directly affects cost and ease of use.

Put another way, careful what you ask for, you may get it.

Best regards,
Alan Rowland

To quote another NANOG poster's sig file that applies to this discussion: Wrong questions are the leading cause of wrong answers.

-----Original Message-----
From: Sean Donelan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 24, 2002 10:19 PM
To: [EMAIL PROTECTED]
Subject: How secure should it be? (was RE: password stores?)

snip...

Should we secure routers better, worse or the same as burglar alarms? While I agree there are settings which are insecure, it seems like we haven't figured out the optimum level of security yet. Which may be less than what the experts think.
RE: Draft of Rep. Berman's bill authorizes anti-P2P hacking
First I agree that this is BAD on general principle but...

IANAL but IMHO spewing cracked copies of say, Photoshop, or other copyright violations might be considered probable cause with the specific place/things being the share program and its contents. Sharing the content of your favorite program/CD/DVD with the world has never met fair use.

I had significant input in my life regarding the difference between can and may. IMHO significant numbers of net citizens have forgotten that difference.

Just my 2¢.

Best regards,
Alan Rowland

-----Original Message-----
From: Joseph T. Klein [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 25, 2002 12:16 PM
To: Marshall Eubanks; [EMAIL PROTECTED]
Subject: Re: Draft of Rep. Berman's bill authorizes anti-P2P hacking

I would argue that my home computer is the repository of my papers and effects. No place in the below law does it limit the restriction to the government only. Indeed any law passed giving sanction to any party having the right IMHO is in direct violation of both the spirit and the letter of the Bill of Rights.

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The dogs of stupidity have been unleashed.

--On Wednesday, 24 July 2002 12:40 -0400 Marshall Eubanks [EMAIL PROTECTED] wrote:

> Thought this would be considered on-topic as guess who would have to clean up the resulting messes...
>
> Regards
> Marshall Eubanks

--
Joseph T. Klein [EMAIL PROTECTED]
... preserve, protect and defend the constitution ... -- Presidential Oath of Office
RE: Draft of Rep. Berman's bill authorizes anti-P2P hacking
I'd get on my cell phone and call the police. That's their job. Of course there is that little fact of having a legal right to the property in question in the first place. :)

I fully agree this is Not Good (TM), hence the BAD in my response. Having said that, satellite providers periodically 'kill' hacked access cards on equipment in the user's home with no legal ramifications. How would this be significantly different?

Waving the fourth amendment flag is just FUD in this case. There's more than sufficient current law out there that applies in this case. The entertainment industry just wants an even easier answer. They're lazy. What's new?

WorldCom, Adelphia, AOL, (you and me next?), have made this industry and its practices an easy target. Historically, market segments either clean up their own act, or government steps in. I believe this business is at that point now. How we act in the near future will greatly affect the amount of government involvement we'll see. Arguing in support of haz0r/warez networks won't help the cause.

To put a different spin on the DMCA/17USC512 takedown letter issue, does this mean you support opt-out lists for Spam as opposed to opt-in? That's how the entertainment industry views our current process.

There's a lot of discussion on this list (actually OT but we see it here anyway) about identifying questionable E-mail traffic (spam). Is it really that much harder to identify questionable P2P traffic? Or are we all too busy listening to our MP3s playlists and watching the latest Starwars rip?

Just my 2¢

Best regards,
Alan Rowland

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 25, 2002 1:57 PM
To: Rowland, Alan D
Cc: [EMAIL PROTECTED]
Subject: Re: Draft of Rep. Berman's bill authorizes anti-P2P hacking

On Thu, 25 Jul 2002 13:11:00 PDT, Rowland, Alan D [EMAIL PROTECTED] said:

> IANAL but IMHO spewing cracked copies of say, Photoshop, or other copyright violations might be considered probable cause with the specific place/things being the share program and its contents.

If your house was broken into, and your TV stolen, and you were walking along and saw it in your neighbor's living room through the window, would that give you the right to go in and reclaim it? Would it exempt you from having to pay for a new door to replace the one that got broken down?

You might want to ask yourself why the now-standard 17USC512 takedown letter isn't sufficient.

I wonder how many 'Hax0rs-R-Us' record labels are about to incorporate. Bad JuJu.
OT: If you thought Y2K was bad, wait until cyber-security hits
(shooting self in foot...)

Just eliminate tech support and proprietary software! A list of our settings is available at www.domain.com/settings. And don't call us with tech problems. We don't do tech support.

I know of at least one ISP out there already doing this. Not that they're highly successful, but imagine not having to tell someone, Yes, your username and password are case sensitive and must be spelled exactly as supplied. And it's .net, not .com ever again.

Or alternately just require registration through a BBS system as a clue test. :)

(Waiting for visit from the sales/marketing/shareholder folk...)

Best regards,
Alan Rowland

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, July 20, 2002 10:03 PM
To: Scott Francis
Cc: [EMAIL PROTECTED]
Subject: Re: If you thought Y2K was bad, wait until cyber-security hits

Snip...

I'll personally nominate for sainthood anybody who figures out how to make it work for an ISP's terms of service. ;)

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
OT: MTA. (Was) RE: Stop it with putting your e-mail body in ATT attachments. Its annoying and no one can see your message
Folk,

This is like the insurance industry basing rates on auto make/model. While that is one factor, the much more important factor is the driver. It's the user, not the MTA, that 'spreads' viri. This problem is not limited to AOL/MSNites. And if techies are so much better why are there compromised IIS, Apache, FTP, etc. machines around months and often years after fix releases?

To paraphrase someone you may be familiar with, Be conservative in what you send and liberal in what you accept. I'm much more interested in the message than the medium. :)

-Al Rowland

Just my 2¢, feel free to use your delete key.

-----Original Message-----
From: Matthew S. Hallacy [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 12, 2002 1:32 AM
To: [EMAIL PROTECTED]
Subject: Re: Stop it with putting your e-mail body in ATT attachments. Its annoying and no one can see your message

On Tue, Jul 09, 2002 at 09:36:43PM -0700, Majdi S. Abbas wrote:

[snip]

> The breakdown:
>
> Microsoft   38.71% (not even half the way to 90%)
> Mozilla     11.41%
> Eudora      10.86%
> ELM          6.63%
> exmh         5.25%
> Web Mail     5.20%
> Mutt         4.70%
> New MH       3.64%
> VM           2.36%
> Mulberry     1.90%
> Gnus         1.27%
> MH           0.96%

[snip]

> --msa

Close, but no banana for you:

26.1534 percent, Pine
20.2465 percent, Microsoft Total (Outlook, Outlook Express, Exchange, etc)
15.5250 percent, Mutt
7.7120 percent, Microsoft Outlook
7.6985 percent, Internet Mail Service (Exchange)
5.7049 percent, Eudora
5.2738 percent, Mozilla (Netscape)
4.7013 percent, Microsoft Outlook Express
3.6102 percent, Unknown (536 messages were not identifiable)
3.2734 percent, Elm
2.1823 percent, exmh
1.6232 percent, Web Mail
1.4144 percent, Gnus/Emacs
1.2326 percent, Mulberry
0.9160 percent, VM
0.7139 percent, Yahoo!
0.4715 percent, Hotmail
0.3839 percent, Lotus Notes
0.3166 percent, The Bat!
0.3031 percent, KMail
0.2896 percent, Apple Mail
0.2694 percent, Pocomail
0.2694 percent, MH
0.2627 percent, Evolution
0.2088 percent, DMailWeb Web to Mail Gateway
0.2021 percent, Mahogany
0.1414 percent, Squirrel Mail
0.1414 percent, CommuniGate Pro Web Mailer
0.1347 percent, mh-e
0.1145 percent, IMail
0.1078 percent, Sylpheed
0.1010 percent, Microsoft-Entourage
0.1010 percent, Mew version x.xx on Emacs
0.0943 percent, dtmail 1.3.0 @(#)CDE Version
0.0741 percent, Tellurian WebMail
0.0674 percent, tin
0.0674 percent, Forte Agent
0.0539 percent, My Own Email
0.0471 percent, ZMail
0.0471 percent, Mail User's Shell
0.0404 percent, MailRoom For Internet Mail
0.0269 percent, stuphead ver. 0.5.3 (Wiskas)
0.0269 percent, MIME-tools 4.104 (Entity 4.117)
0.0202 percent, your-mom-encapsulated-in-smtp
0.0202 percent, Vivian Mail
0.0202 percent, PostOffice
0.0202 percent, Mirapoint Webmail Direct
0.0202 percent, Becky!
0.0135 percent, Excite Inbox
0.0135 percent, /bin/bash
0.0135 percent, AeroMail
0.0067 percent, XFMail
0.0067 percent, WorldClient Standard
0.0067 percent, TWIG
0.0067 percent, The Rodent, go figure.
0.0067 percent, TBBS/TIGER v1.0/PRIMP 1.56p
0.0067 percent, slrn
0.0067 percent, Opera
0.0067 percent, emacs 20.5.1 (via feedmail 8 I)
0.0067 percent, Calypso

Total messages: 14847

This resulted from checking X-Mailer, User-Agent, and Message-ID as a last resort (yahoo, hotmail, pine..), timespan is from Feb 2001 to now.

--
Matthew S. Hallacy
FUBAR, LART, BOFH Certified
http://www.poptix.net
GPG public key 0x01938203
RE: OT: MTA. (Was) RE: Stop it with putting your e-mail body in ATT attachments. Its annoying and no one can see your message
Actually, it's Outlook XP running on Win2000 Workstation. Hey, I did post plain text...

satire Do you always judge people by their clothes/skin color? ;0 /satire

Best regards,
Alan Rowland

-----Original Message-----
From: Patrick Thomas [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 12, 2002 9:10 AM
To: Rowland, Alan D
Cc: [EMAIL PROTECTED]
Subject: Re: OT: MTA. (Was) RE: Stop it with putting your e-mail body in ATT attachments. Its annoying and no one can see your message

> Be conservative in what you send and liberal in what you accept.

I seriously doubt anyone clicking away with outlook running on XP posing on a technical list has any idea where the above comes from and what it refers to.
OT: Total Traffic. Was: Sprint peering policy
Richard,

I know a few news server admins who might disagree with you. Or at least it seems that way at times. ;)

I typically have a 251Kbps (broadband) stream from www.thebasement.com.au running in the background when on line. The stream is coming out of Australia (don't think it's been Akakamized yet. Did I spell that right?) so that stream is on a US backbone. That's in addition to anything else I may be doing. This is only a single point of data but single points eventually add up to a bucket.

Additional thoughts. Wonder what that peak traffic would be if individual sites and services weren't as rate limited as most are by pipe size, hardware or software? Or how about a 6Gbps HDTV video conference stream (UCLA (?)- MIT on Internet2).

Just my 2¢. The delete key is your friend.

-Al Rowland

-----Original Message-----
From: Richard A Steenbergen [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 01, 2002 6:07 PM
To: Stephen J. Wilcox
Cc: Deepak Jain; Miquel van Smoorenburg; [EMAIL PROTECTED]
Subject: Re: Sprint peering policy

On Tue, Jul 02, 2002 at 12:47:36AM +0100, Stephen J. Wilcox wrote:

> I'm curious about all these comments on bandwidth, few Mbs is nothing, dropping OC48 to IXs. There's an imbalance somewhere, everyone on this list claims to be switching many gigs of data per second and yet where is it all going? Not on the IX graphs anyway
>
> Did someone mention large bandwidths and everyone else felt they needed to use similar figures or is everyone really switching that amount but just hiding it well in private peerings? I know there's some big networks on this list but there's a lot more small ones..

It's all so much posturing, just like the people who claim they need OC768 now or any time in the near future, or the people who sell 1Mbps customers on the fact that their OC192 links are important.

If there is more than ~150Gbps of traffic total (counting the traffic only once through the system) going through the US backbones I'd be very surprised.

--
Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
RE: Fwd: WorldCom Investor News: WorldCom Announces IntentiontoRestate 2001 and First Quarter 2002 Financial Statements
RoadRunner is also involved in supplying TWC service (Time Warner Cable). As a former RoadRunner then MediaOne then ATTBI customer, I believe RoadRunner best fits as a sort of Covad in Cable land.

Just my WAG (Wild Axx Guess)

Best,
Al

-----Original Message-----
From: Pawlukiewicz Jane [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 8:53 AM
To: Andy Warner; [EMAIL PROTECTED]
Subject: Re: Fwd: WorldCom Investor News: WorldCom Announces IntentiontoRestate 2001 and First Quarter 2002 Financial Statements

Andy Warner wrote:

> Neither WCOM, nor T owns Cox. Cox is independent. T recently acquired Comcast which may be the source of your confusion.

I am always confused. No, I think the source of my confusion is RoadRunner. It's all over their website, and that's an ATT name. isn't it? at least it was...

Jane

> --
> Andy Warner
>
> On Wed, 26 Jun 2002, Pawlukiewicz Jane wrote:
>
> > Hey, dumb question. Does WCOM own Cox? Or is that ATT? Just curious.
> >
> > Jane

snip
RE: ATTBI refuses to do reverse DNS?
As an ATTBI customer at home (only [reasonably priced] high speed available in the area), the recent network/service changes being rolled out have a high negative pressure coefficient. Haven't tried FTP lately, will have to see if it still works on 'my' network tonight!

I do know their USENET feed has gotten 'interesting' in the last week. Lots of 'there is no such group' with lots of new, mainly full of 'local' spam groups and significant numbers of 'no new articles' for days in normally high traffic hierarchies.

Almost seems like their services are now being admin'd in China or something.

Just my 2¢. The delete key is your friend.

-Al

-----Original Message-----
From: Lou Katz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 11:31 AM
To: [EMAIL PROTECTED]
Subject: ATTBI refuses to do reverse DNS?

A client of mine just discovered that he could no longer do ftp transfers to my machine. His IP address had changed to one in 12.240.20 and there is no reverse DNS for that block. His previous assignment was in a totally different block which did have reverse DNS. Calls to ATTBI got the answer that they are not obligated to provide reverse DNS and have no plans to do so. My servers refuse connections when there is no reverse lookup.

Is this common?

--
I suppose I could set up a bogus reverse for him, but, feh...

-=[L]=-
RE: LEAP Security Vulnerabilities??
If you're serious enough about security to find 128 WEP inadequate, I would think you would be doing some sort of VPN or other SSL solution anyway, making WEP redundant. Or am I missing something?

Best,
-Al Rowland

-----Original Message-----
From: Hyska, Jason [JJCUS] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 10:15 AM
To: [EMAIL PROTECTED]
Subject: LEAP Security Vulnerabilities??

I am well aware of the many security vulnerabilities that exist on wireless networks as well as the inadequacies of WEP. I was curious if anyone has had any experiences with Cisco's LEAP authentication protocol? I have scoured the net for reviews or documents examining any potential vulnerabilities, but have not been able to find any. Any and all help or information would be appreciated.

Thanks in advance,

Jason Hyska
Worldwide Information Security
Johnson & Johnson
[EMAIL PROTECTED]
OT: Trying to find a connectivity provider that wont go under (was RE: CAIS/Ardent and now Network Access Solutions)
But you have Drew Carey!

What about cable access? It's more and more an option that has, IMHO, significant benefits over DSL. No PPPoE for starters... Unless you're in a business zone. :(

-Al

-----Original Message-----
From: Steven J. Sobol [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 30, 2002 7:10 PM
To: Brian
Cc: Deepak Jain; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Trying to find a connectivity provider that wont go under (was RE: CAIS/Ardent and now Network Access Solutions)

On Thu, 30 May 2002, Brian wrote:

> Surprised there isn't much connectivity in the Detroit area, I mean it is Motor City and all, I would think tons of manufacturing plants all needing telecom of some sort or other..

Try to get DSL here; everyone backhauls to Chicago. And Cleveland is the 25th largest city in the USA. Lots of local providers for DS1 and Frame and ATM, just not DSL. :)

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
In a 32-bit world, you're a 2-bit user/You've got your own newsgroup: alt.total.loser - Weird Al Yankovic, It's All About the Pentiums
RE: operational: icmp echo out of control?
We had one user report our DNS servers were hacking his system. Knew enough to do a whois but didn't have any clue beyond that. :) (lots of port 53 activity in the logs every time he surfed the web...)

Best,
-Al

-----Original Message-----
From: Richard A Steenbergen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 28, 2002 1:01 PM
To: Mike Tancsa
Cc: Jeff Mcadams; [EMAIL PROTECTED]
Subject: Re: operational: icmp echo out of control?

On Tue, May 28, 2002 at 03:36:08PM -0400, Mike Tancsa wrote:

> Jeu 09 mai 2002 15:30:22, Port 3, ICMP, Destination Unreachable
> Jeu 09 mai 2002 15:30:21, Port 3, ICMP, Destination Unreachable
> Jeu 09 mai 2002 15:30:10, Port 3, ICMP, Destination Unreachable
> Jeu 09 mai 2002 15:30:09, Port 3, ICMP, Destination Unreachable

I don't know what's worse, those crappy personal firewalls that make every packet look like a life or death assault, or the idiots who send abuse email demanding that you do something for them or they will sue and/or hax0r you.

I've seen supposed security professionals for theoretically clued places like NASA send abuse complaints over traceroutes they've originated, and people complain about port 80 hacking attempts then flatly refuse to admit they visited website.

At best, it's annoying clutter. Is it any wonder that legitimate emails about ongoing DoS attacks are completely ignored or responded to a week later? At worst, it can get innocent people in trouble and cost them a lot of time, effort, and potentially money. These false abuse reports are FAR too common, and the net equivalent of crying wolf.

In my opinion, it is the responsibility of these personal firewall makers to at least make an EFFORT to warn their users about this. So far, I haven't seen it.

--
Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
RE: Routers vs. PC's for routing - was list problems?
AFAIK standard (non-proprietary) CompactFlash, SmartCards, Memory Stick, et al, are seen as (removable) storage with typical allowed attributes. I can set a file/folder/card to 'locked' in my camera but when plugged into the computer this will show as 'read only.'

Then again, router manufacturers are infamous for jiggering as much as possible to proprietary. Might still be able to 'administer' the card in another machine then install it in the proprietary device but that might void your warranty. :)

Hey, they're just protecting their market share, right? Worked for Apple, oh, wait a minute... (/mnt asbestos underwear)

Just my 2¢.

-Al

-----Original Message-----
From: Steven J. Sobol [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 2:39 PM
To: Dan Hollis
Cc: E.B. Dreger; Vinny Abello; [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?

On Thu, 23 May 2002, Dan Hollis wrote:

> On Thu, 23 May 2002, Steven J. Sobol wrote:
> > On Thu, 23 May 2002, E.B. Dreger wrote:
> > > EIDE-based flash drives have become very inexpensive. Some embedded systems use CompactFlash boards.
> > Can you set flash drives to be write-only?
> Why would you want to do this?

Duh. Sorry about the brainfart. I was about to launch into a long explanation of what I want to do when I realized I wrote write-only instead of read-only. I meant read-only.

Note to self: Engage brain *before* fingers.

--
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net
In a 32-bit world, you're a 2-bit user/You've got your own newsgroup: alt.total.loser - Weird Al Yankovic, It's All About the Pentiums
RE: Routers vs. PC's for routing - was list problems?
Most flash media includes read only 'tabs' similar to the legacy floppy variety. Steven may have hit on an interesting solution here...

-Al

-----Original Message-----
From: E.B. Dreger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 2:38 PM
To: [EMAIL PROTECTED]
Cc: Dan Hollis; Steven J. Sobol; Vinny Abello; [EMAIL PROTECTED]
Subject: Re: Routers vs. PC's for routing - was list problems?

JKS Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
JKS From: Jason K. Schechner

JKS Why would you want to do this?
JKS
JKS Logging. If a h@xx0r cracks your box he can't erase
JKS anything that's already been written there. Often it takes

BSD enforces append-only when running proper securelevel. AFAIK, Linux lacks this attribute, and root can disable the so-called immutable attrib.

JKS a physical change (jumper, dipswitch, etc) to change from
JKS write-only to read-only making it pretty tough for the
JKS h@xx0r to cover his steps.

Why not log to an external bastion host?

--
Eddy

Brotsman Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
RE: Certification or College degrees? Was: RE: list problems?
While the effectiveness of degree requirements may be argued, they are efficient. When your HR department gets hundreds or thousands of applications, they need some way to find the wheat.

The net sector is young and was mostly immune to traditional business practices. Not all traditional business practices are bad (see dot.bomb). Lack of business acumen means the days of six figure income and significant stock options because there were 10 job openings for every geek who could RTFM are over. Even though the job market is coming back there's still 20 'techies' in Birkenstocks and Star Wars t-shirts for every (decent) job hiring. Everything else being equal (which is often the case) a cert or degree is a great tie-breaker. Welcome to the traditional job market fellow geeks. Remember all the jokes about Sanitation Engineers? ;)

Put another way, when you take that expensive car of yours in for service (you do have one if you're successful in this industry, right? ;) ), do you go to Joe's Garage (apologies to all named Joe) or a dealer/service center with certified mechanics?

Just my 2¢. The delete key is your friend.

Best regards,
Alan Rowland
(BS in Business and Management, UofM, 1990
no warranty expressed or implied, use at your own risk, may be terminated at any time without notice

-----Original Message-----
From: Christopher J. Wolff [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 11:16 AM
To: [EMAIL PROTECTED]
Subject: Certification or College degrees? Was: RE: list problems?

I would add to that statement: Requiring a technology certification is equally as absurd. I've been told I could pass the Emperor-Level CCIE test; however, I do not believe it will add more value for my customers.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com

Andrew Dorsett said:

> *jumping on my soap box* I have to say that the idea of requiring a degree for the IT industry is absurd.
RE: anybody else been spammed by no-ip.com yet?
For more on EarthLink's Port 25 policy see: http://help.earthlink.net/port25/

Best regards,
Al Rowland

-----Original Message-----
From: Joel Baker [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 09, 2002 7:26 PM
To: [EMAIL PROTECTED]
Subject: Re: anybody else been spammed by no-ip.com yet?

On Fri, May 10, 2002 at 11:27:10AM +1000, Terence Giufre-Sweetser wrote:

> Now there's a good idea, and it works, I have several sites running a port 25 trap to stop smtp abuse.
>
> To stop port 25 abuse at some schools, the firewall grabs all outgoing port 25 connections from !the mail server, and to !the mail server, and runs them via the mail server, which stops header forging, mass rcpt to: abuse, and vrfy/expn probing. Anything that goes past the filters has a nice clear and traceable received by: line.
>
> If a few of the larger pre-paid isp's could simply filter port 25 on their accounts, add some sanity checking (like, a user must be using a valid email address in the from:/return-path:/reply-to: lines, etc) and reject other abuse like rcpt to: stacking. Plus, add a anti-bulk email check, like razor or checksum clearinghouse, (yeah, seriously, checksum the outgoing emails, if some humans somewhere have said this is spam, then /dev/null or BOUNCE the outgoing email.)
>
> I'd even be inclined to place these filters at the border to smaller downstream isp's, let them register their valid email domains, any user from their network trying to send invalid email, or email that is listed in razor, just kill it or auto-refer to the abuse desk.
>
> [This may sound expensive, but on reflection, a US$2K box with BSD could handle 20Mbps of port 25, remember only port 25, nothing else, you would place one behind your dial up infrastructure, or several for a large site, and your transparent smtp proxy would pay for itself by killing off a lot of your abuse@ work. There was many ways of redirecting the port 25 packets, have a look at all the good work done on port 80 transparent proxies.]
>
> // :), patent pending? No, the concept is hereby committed to the public domain. //

Earthlink was doing this for basically all of their consumer-grade (dialup, most of the ADSL, etc) customers in 1999 (well, almost certainly earlier than that, but I can only personally speak to it being in place then).

It doesn't stop absolutely everything, but it's a very good 95% first pass filter. Don't forget to allocate support queue time for explaining to folks why they can't do SMTP relaying through their other provider where they have a hosting account, though...

(Business customers were exempted, but paid hefty setup fees and monthly fees, and if I recall the contract correctly, forfeited all of them for AUP violations, which explicitly included UCE).

Keeping the filters up to date is often a painful exercise in assignment coordination testing, too...

--
***
Joel Baker
System Administrator - lightbearer.com
[EMAIL PROTECTED]
http://users.lightbearer.com/lucifer/
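
The checks the message above lists for a port 25 trap (block VRFY/EXPN, require a registered sender domain, cap RCPT TO stacking, compare the body against mail already reported as bulk, stamp a traceable Received line), sketched as an added example that is not code from the thread or from EarthLink. The domain names, the recipient limit, the host name in the trace line and the SHA-256 body digest (a stand-in for a Razor or checksum clearinghouse lookup) are assumptions.

```python
import hashlib
import re
from email import message_from_string
from email.utils import parseaddr

# Policy values below are assumptions for this example, not from the thread.
REGISTERED_DOMAINS = {"example-school.test"}
MAX_RCPT = 5
ADDR_RE = re.compile(r"<([^>]*)>")


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def body_digest(body):
    """SHA-256 over whitespace-normalised text (stand-in for a Razor-style lookup)."""
    return hashlib.sha256(" ".join(body.split()).encode()).hexdigest()


def filter_transaction(commands, data, client_ip, reported=frozenset()):
    """Apply the trap's checks to one intercepted SMTP transaction.

    commands: command lines the client sent before DATA
    data:     the message text sent after DATA (headers, blank line, body)
    reported: digests of bodies already reported as bulk mail
    Returns (verdict, reasons, trace_header).
    """
    reasons, rcpts = [], 0
    for line in commands:
        words = line.split()
        verb = words[0].upper() if words else ""
        if verb in ("VRFY", "EXPN"):
            reasons.append(f"{verb} probing blocked")
        elif verb == "MAIL":
            m = ADDR_RE.search(line)
            sender = m.group(1) if m else ""
            if domain_of(sender) not in REGISTERED_DOMAINS:
                reasons.append(f"envelope sender not in a registered domain: {sender!r}")
        elif verb == "RCPT":
            rcpts += 1
    if rcpts > MAX_RCPT:
        reasons.append(f"RCPT TO stacking: {rcpts} recipients (limit {MAX_RCPT})")

    # Header sanity: From must exist; From/Reply-To/Return-Path must be registered.
    msg = message_from_string(data)
    if msg.get("From") is None:
        reasons.append("missing From header")
    for name in ("From", "Reply-To", "Return-Path"):
        value = msg.get(name)
        if value is not None and domain_of(parseaddr(value)[1]) not in REGISTERED_DOMAINS:
            reasons.append(f"{name} header not in a registered domain: {value!r}")

    if body_digest(msg.get_payload()) in reported:
        reasons.append("body matches mail already reported as bulk")

    # Every relayed message gets a traceable hop naming the real client address.
    trace = f"Received: from [{client_ip}] by smtp-trap.example.test (port 25 trap)"
    return ("reject" if reasons else "relay"), reasons, trace


# Constructed sample transactions (not captured traffic).
CLEAN_CMDS = ["HELO lab-pc-12", "MAIL FROM:<alice@example-school.test>",
              "RCPT TO:<bob@example.org>"]
CLEAN_DATA = "From: Alice <alice@example-school.test>\nSubject: lunch\n\nNoon at the cafe?\n"

ABUSE_CMDS = (["HELO lab-pc-07", "VRFY root", "MAIL FROM:<promo@forged.test>"]
              + [f"RCPT TO:<user{i}@example.org>" for i in range(8)])
ABUSE_DATA = "From: Deals <promo@forged.test>\nSubject: offer\n\nBuy   now!!!\n"
REPORTED = {body_digest("Buy now!!!")}

if __name__ == "__main__":
    for cmds, data in ((CLEAN_CMDS, CLEAN_DATA), (ABUSE_CMDS, ABUSE_DATA)):
        verdict, reasons, trace = filter_transaction(cmds, data, "192.0.2.44", REPORTED)
        print(verdict, reasons or trace)
```
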
RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
No. What's hard to believe is that anyone would find that surprising/newsworthy.

My last post on this OT subject. Really. I promise...

-Al

-----Original Message-----
From: Deepak Jain [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 3:02 PM
To: Steve Goldstein; Rowland, Alan D
Cc: [EMAIL PROTECTED]
Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.

Is it really hard to believe that the Chinese government would actively fund cyberterrorism?

Deepak Jain
AiNET

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steve Goldstein
Sent: Thursday, April 25, 2002 5:55 PM
To: Rowland, Alan D
Cc: [EMAIL PROTECTED]
Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.

Gosh, oh golly-gee, do you really think that they would do something like that (planting a story)? ;-)

--Steve

At 7:16 AM -0700 4/25/02, Rowland, Alan D wrote:

> Someone in the CIA is looking for funding...
>
> Just my 2¢.
>
> -Al

--
RE: How to get better security people
A knowledgeable investor would ask your HR department a few questions:

1. Which half of the resume do you believe?
2. Is it really more economical to ignore half your talent than spend a little checking resumes?
3. What does it say about your company's ethics that you accept that all your employees are liars?

but then you have to find that knowledgeable investor first...

Just my 2¢ and in similar circumstances,

-Al
USAF Ret.

-----Original Message-----
From: James Smith [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 12:03 PM
To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: RE: How to get better security people

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 2:41 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: How to get better security people

| The problem right now is if you advertise for a job, you will get
| blasted with literally tens of thousands of resumes. What should I
| be telling the HR department to look for?

New careers.

Sean.

=

That's the problem. Too many folks seeing the big money going to the tech weenies, and upon taking an MCSE boot camp, think they now qualify for a senior Admin/Security job. That and resume inflation, real or perceived. Too much noise in the system and ineffective noise reduction methods...

My resume is factual, and when I got out of the military, I was penalized by my first civilian employer. When I stated I could in fact set up a needed DNS, I was told they would hire it out. I asked why hire it out when I could do it. I was told, "we only believe half of any resume we get, and we don't think that you have the necessary experience."

If setting up and running deleted.af.mil (now gone), and doing the very first deleted.af.mil DNS located on the base (complete with off-site secondaries), and running it until transitioned about a year later to the comm squadron folks I trained didn't count, then what did?

Not bitter, though. Got a new employer...

James H. Smith II NNCDS NNCSE
Systems Engineer
The Presidio Corporation