Dan Hollis wrote:
the operator hosting the hijacked PC is guilty if they are notified and
refuse to take action. which seems to be all too common these days with
universities and colocation companies.
In many cases they also are incompetent or incapable of taking action
since there is
Apologies to all, and the other DNSbls, I'm a little uptight about how
long it is taking for the arrest of the DDoSer.
Yes he has been identified, and that's all I can say.
/ Mat
Kai Schlichting wrote:
On 9/23/2003 at 5:16 PM, Mike Tancsa [EMAIL PROTECTED] wrote:
- BGP anycast, ideally suited for such forwarding proxies.
Anyone here feeling very adept with BGP anycast (I don't) for
the purpose of running such a service? This is a solution that
has to be suggested
In this letter:
http://www.icann.org/correspondence/lewis-to-twomey-21sep03.htm
Verisign CEO, Paul Twomey, makes the following claim:
We have also formed an independent technical review panel to gather and
analyze data for the purpose of assessing any operational impact of our
wildcard
On Tue, 23 Sep 2003 16:32:55 -0500, Jack Bates wrote:
Question: Why is it not illegal for an ISP to allow a known vulnerable
host to stay connected and not even bother contacting the owner? There
are civil remedies that can be sought but no criminal.
Various theories of criminal liability
--On Tuesday, September 23, 2003 11:55:41 -0700 Randy Bush [EMAIL PROTECTED]
wrote:
because some engineers think that all social and business problems
can be solved by technical hacks. it's the goddess's revenge for
the lawyers who think all engineering problems can be solved at
layer nine.
And the usual US-centric view...
Which congress person does Demon Netherlands, T-dialin, Wanadoo
France, Tiscali etc. go to?
In the Netherlands, Germany, France, Italy and other countries
people generally know who to go to to raise an issue with
their governments. In some cases there is a direct
Mr. Dillon
Your email here implies that this statement being made by Paul Twomey ..
I do believe that the actual comments you're referring to were made by the GM
of Verisign, Mr. Lewis ...
Ken Stubbs
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
for amusement thought the list might like to see my latest 419 email with not a
single african government official in sight. amused us all here anyhow, not seen
anything like this before!
the netblock is a nameless nigerian ISP
inetnum: 81.199.82.0 - 81.199.83.255
netname:
Many thanks to all who responded.
I have been asked by a few people to post a digest, so here it is. I
have chosen not to attribute the quotes because some of the people who
responded directly to me. If they had wanted their statements made
public and attributable, then they would have posted
Jim Segrave wrote:
And the usual US-centric view...
Which congress person does Demon Netherlands, T-dialin, Wanadoo
France, Tiscali etc. go to?
I recognize it sounds U.S.-centric, but quite frankly since the U.S.
Department of Commerce claims ownership here, I don't have any grand
more
This morning, more often than not, nonexistent domain name access via
http is returning timeouts. Overload? DoS? It appears, for whatever
reason, that Verisign's scheme is not impervious to the inevitable
consequences of arrogant behavior.
Paul Vixie wrote:
It's still to be seen if ISC's cure is worse than the disease; as
instead of detecting and stopping wildcard sets, it looks for delegation.
that's because wildcard (synthesized) responses do not look different
on the wire, and looking for a specific A RR that can be changed
Geo. wrote:
Blacklists are just one kind of filter. If we could load software that
allowed us to forward spams caught by other filters into it and it
maintained a DNS blacklist we could have our servers use, we wouldn't need
big public rbl's, everyone doing any kind of mail volume could easily
Curt Akin wrote:
This morning, more often than not, nonexistent domain name access via
http is returning timeouts. Overload? DoS? It appears, for whatever
reason, that Verisign's scheme is not impervious to the inevitable
consequences of arrogant behavior.
The service seems to have experienced
The benefit of using a blacklist like monkeys or ordb is that there is
only one removal process for all the mail servers. The issue is that
when the webserver is dDOS'd, it is very hard for people to get removed.
There shouldn't be a need for any removal process. A server should be listed
for
Geo. wrote:
There shouldn't be a need for any removal process. A server should be listed
for as long as the spam continues to come from it. Once the spam stops the
blacklisting should stop as well. That is how a dynamic list SHOULD work.
Depends on the type of listing. Open proxies and open
Once again, Verisign screws up. Can someone point me to the correct
contact information to see if my registration actually went through or
not? I don't see anything besides [EMAIL PROTECTED] listed on the website.
--
nicholas harteau
[EMAIL PROTECTED]
Repeated (though informal) testing over the last 90 minutes showed
that at one point, about one-third of attempted HTTP connections to
sitefinder took over one minute to complete or, in a few cases, failed
entirely.
Now only about one of every 5 or 10 connections is displaying that
behavior.
I thought ya'll might be interested to hear that yet another DNS blacklist
has been taken down out of fear of the DDoS attacks that took down
Osirusoft, Monkeys.com, and the OpenRBL. Blackholes.compu.net suffered a
joe-job earlier this week. Apparently the joe-jobbing was enough to
convince
In a message written on Wed, Sep 24, 2003 at 11:28:39AM -0500, Justin Shore wrote:
So, my question for NANOG is how does one go about attracting the
attention of law enforcement when your network is under attack? How does
the target of such an attack get a large network provider who's
See the NANOG archives for my post regarding wildcard caching and set
comparison with additional resolver functionality for requesting if the
resolver wishes to receive wildcards or NXDOMAIN.
oh... that wasn't a joke, then?
there won't be a protocol change of that kind, not in a million
On Wed, 24 Sep 2003, Leo Bicknell wrote:
In a message written on Wed, Sep 24, 2003 at 11:28:39AM -0500, Justin Shore wrote:
So, my question for NANOG is how does one go about attracting the
attention of law enforcement when your network is under attack? How does
the target of such an
I am not surprised at all. If VeriSign took their efforts and time to show us
some purported recommendations to abide to their new service, they better at
least deal with DoS pretty fast before more people get uptight.
-hc
--
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web
Paul Vixie wrote:
oh... that wasn't a joke, then?
there won't be a protocol change of that kind, not in a million years.
It doesn't have to be a protocol change. Strictly an implementation
change. It would break less than the current implementation change ya'll
made can break. Regardless of
Pop-Up Scam Beats AOL Filter
http://www.wired.com/news/technology/0,1282,60564,00.html
AOL is not the only Internet service provider currently blocking all port
135 traffic. Many ISPs began filtering the port last month to mitigate the
spread of the MSBlaster computer worm, Baldwin said. While
So, my question for NANOG is how does one go about attracting the
attention of law enforcement when your network is under attack? How
does the target of such an attack get a large network provider who's
customers are part of the attack to pay attention? Is media
attention the only
On Wed, 24 Sep 2003, Justin Shore wrote:
snip
joe-job earlier this week. Apparently the joe-jobbing was enough to
convince some extremely ignorant mail admins that Compu.net is spamming
and blocked mail from compu.net. Compu.net has also seen the effects of
Speaking of joe-jobs, what's
Great,
Just Great. Wasn't there a post a while back that listed what providers
are SPAM friendly? My fingers are getting tired trying to create ACL's
lists to block ranges of IP's without compromising my service. I wish
the power's up above would buy the right software to try and curb the
SPAM
On Wed, 24 Sep 2003 [EMAIL PROTECTED] wrote:
Perhaps, but it also seems like moving an RBL onto a P2P network would
make poisoning the RBL far too easy...
nope. updates will be crypto signed, thus poisoned updates will be dropped
instantaneously.
Total: 308
Erps, I told my script to mis-count:
Total: 284
---
david raistrick
[EMAIL PROTECTED] http://www.expita.com/nomime.html
The Do Not Call registry is on hold...
http://news.findlaw.com/cnn/docs/ftc/donotcall92303ord.pdf
On Wed, 2003-09-24 at 12:48, David Raistrick wrote:
On Wed, 24 Sep 2003, Justin Shore wrote:
snip
joe-job earlier this week. Apparently the joe-jobbing was enough to
convince some extremely ignorant mail admins that Compu.net is spamming
and blocked mail from compu.net. Compu.net has
On Wed, 24 Sep 2003 [EMAIL PROTECTED] wrote:
Perhaps, but it also seems like moving an RBL onto a P2P network would
make poisoning the RBL far too easy...
That's what I was getting ready to suggest. As it stands now we have at
least somewhat of an assurance that the zone we're working
oh... that wasn't a joke, then?
there won't be a protocol change of that kind, not in a million years.
It doesn't have to be a protocol change. Strictly an implementation change.
you are confused. and in any case this is off-topic. take it to namedroppers,
but before you do, please
On Wed, 24 Sep 2003 13:10:43 CDT, Stephen L Johnson [EMAIL PROTECTED] said:
Please forgive my ignorance, but what is a joe-job?
http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_gci917469,00.html
says it better than I can. Or google for +joe job +definition, it's your friend.
I think some RBLs might get better responses from the ISPs when they stop
taking collateral damage gets the abuse department's attention attitudes..
Some RBLs cause many providers a LOT of headaches, so it is not surprising
that when it is their turn to complain, the ISPs will just say: post to
Word is Gray Davis signed [sb186].
that's most unfortunate.
It seems to be a pretty strong anti-spam bill.
it's not.
Given all the talk of black lists and DDOS's and the like does anyone
think this will make a difference? Is anyone planning on using the law
to recover damages?
since
On Wed, 24 Sep 2003, Stephen L Johnson wrote:
Please forgive my ignorance, but what is a joe-job?
I dug up some links for you.
http://www.spamfaq.net/terminology.shtml#joe_job
http://www.techtv.com/news/culture/story/0,24195,3415219,00.html
http://catb.org/~esr/jargon/html/J/joe-job.html
I'm keeping track of sitefinder vs. google page load times, just for
giggles. You can see the results at:
http://mrtg.snark.net/http-time/
One thing that's missing is accounting for refused connections; I'll
have to put a little more thought into that.
matto
On Wed, 24 Sep 2003, Declan
On Thu, Sep 18, 2003 at 03:58:31PM -0400, [EMAIL PROTECTED] said:
This is the assumption I have come to as well. Are there any
established standards for enterprise datacenters at all, aside from the
obvious, N+1 redundant everything, diverse paths, etc.?
I don't know if it qualifies as an
On Wed, 24 Sep 2003, Stephen L Johnson wrote:
On Wed, 2003-09-24 at 12:48, David Raistrick wrote:
On Wed, 24 Sep 2003, Justin Shore wrote:
snip
joe-job earlier this week. Apparently the joe-jobbing was enough to
convince some extremely ignorant mail admins that Compu.net is
On Wed, 24 Sep 2003, Joel Perez wrote:
Great,
Just Great. Wasn't there a post a while back that listed what providers
are SPAM friendly? My fingers are getting tired trying to create ACL's
lists to block ranges of IP's without compromising my service. I wish
the power's up above would buy
On Wed, 24 Sep 2003, Stephen L Johnson wrote:
Please forgive my ignorance, but what is a joe-job?
Typically spam using forged source email addresses targeting a specific
company/person/etc.
http://www.everything2.com/index.pl?node=Joe%20Job
http://www.spamfaq.net/terminology.shtml
---
david
On Wed, 24 Sep 2003, Justin Shore wrote:
On Wed, 24 Sep 2003 [EMAIL PROTECTED] wrote:
Perhaps, but it also seems like moving an RBL onto a P2P network would
make poisoning the RBL far too easy...
That's what I was getting ready to suggest. As it stands now we have at
least somewhat
At 10:54 AM 9/24/2003, Timo Janhunen wrote:
The Do Not Call registry is on hold...
http://news.findlaw.com/cnn/docs/ftc/donotcall92303ord.pdf
Meanwhile, on the good news front:
http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2003/09/24/SPAM.TMP
jc
I've found inconsistencies in search engines mainly with domain name
having transient status. Such dn inherit a new IP, the *.com IP (the
sitefinder IP).
And sitefinder itself has its own inconsistency:
Here an example using Netscape or Mozilla (my IE6 config gives
other results).
Well, thanks to all who replied. I've attached annotated replies at the
bottom of this message.
On Tue, 23 Sep 2003, Andy Grosser wrote:
This request is largely for anecdotal/historical purposes. The recent
Foundry/Riverstone posts reminded me of a topic I'd kept meaning to
broach.
My
At 10:24 AM -0400 9/24/03, John A. Martin wrote:
Kee == Kee Hinckley
RE: Detecting a non-existent domain
Tue, 23 Sep 2003 20:16:04 -0400
Kee At 3:15 PM -0700 9/23/03, David Schwartz wrote:
How would you do this before? Does an A record for a hostname
mean that a host with that
Hello,
On the RADB site, under features and benefits, the service claims to mirror
more than 30 other IRR databases.
My challenge is that I need to list my information with RADB and don't want
to go through the hassle of manually submitting every subnet owner and
first-born when I can put a
In a message written on Wed, Sep 24, 2003 at 01:28:19PM -0500, Justin Shore wrote:
True. However I also subscribe those beliefs. When an ISP knowingly
allows a spammer to sign up for network service, knowing full well what
they are planning to do with it (read: pink contracts), and ignores
On Wed, 24 Sep 2003, Stephen J. Wilcox wrote:
The one that they're doing on my own domain which I mentioned on list some
months ago is still going strong with many Mbs of bounces per day.. I think it's
fair to say there is very little you can do as tracking the source is almost
In message [EMAIL PROTECTED], Scott Francis writes:
On Thu, Sep 18, 2003 at 03:58:31PM -0400, [EMAIL PROTECTED] said:
This is the assumption I have come to as well. Are there any
established standards for enterprise datacenters at all, aside from the
obvious, N+1 redundant
Looking for rack space in Chicago to house 2 - 2U servers, a cisco 3620, a hub and
flat panel/keyboard tray.
Will need net access and 8 ip addresses. Low bandwidth usage.
Contact me at user info at domain adns.net.
Paul Vixie wrote:
you are confused. and in any case this is off-topic. take it to namedroppers,
but before you do, please read rfc's 1033, 1034, 1035, 2136, 2181, and 2317.
Can someone please tell me how a change to a critical component of the
Internet which has the capacity to cause harm is not
Try looking under Sean Donnelan (sp? Sorry Sean).
I think you are referring to something he did. However, I don't remember
for sure.
Owen
--On Wednesday, September 24, 2003 3:34 PM -0400 Steven M. Bellovin
[EMAIL PROTECTED] wrote:
In message [EMAIL PROTECTED], Scott Francis writes:
On Thu,
On Wed, Sep 24, 2003 at 03:06:30PM -0400, [EMAIL PROTECTED] said:
On Wed, 24 Sep 2003, Scott Francis wrote:
I don't know if it qualifies as an established standard, but ISTR that
Steve Bellovin had a paper about various levels of reliability in data
centers ... [searches] argh. I can't
RBLs Sounds like a great application for P2P.
Perhaps, but it also seems like moving an RBL onto a P2P network would
make poisoning the RBL far too easy...
Andrew
USENET, PGP-signed files, 20 lines in perl.
--vadim
The fact of the change is operational. The specifics may not be. In
this case, you've gone beyond general operational content and started
to delve into protocol specifications and the implementation thereof
for which there is a dedicated list in which there are people with
quite a bit more average
I realize that this is seriously off the wall.
There is a pretty secure P2P system (Groove) that was developed by Ray
Ozzie. Focus is on security on the wire, on the box, everywhere with
serious authentication - Diffie-Hellman exchanges and all the right
security toys. Admittedly when I run it at
Jack Bates wrote:
Mark Segal wrote:
I think some RBLs might get better responses from the ISPs when they stop
taking collateral damage gets the abuse department's attention attitudes..
Some RBLs cause many providers a LOT of headaches, so it is not surprising
that when it is their turn to
It has been mentioned in other places on the net (ok, yammerings on
slashdot, but this made a bit of sense) that blacklisting is a perfect
P2P application.
Each mailserver could keep a cryptographically verified list, the
list is distributed via some P2P mechanism, and DoS directed at
Duh... thanks but I've done my homework... :)
Hi!
http://www.openrbl.org
is also offline due to a DDoS.
The official announcement can be read here:
http://groups.google.com/groups?hl=enlr=ie=UTF-8oe=UTF-8newwindow=1safe=offselm=vn1lufn8h6r38%40corp.supernews.com
Bye,
Raymond.
On Wed, 24 Sep 2003, David Schwartz wrote:
Each mailserver could keep a cryptographically verified list, the
list is distributed via some P2P mechanism, and DoS directed at the
'source' of the service only interrupts updates, and only does so until
the source slips an updated
Thus spake David Schwartz ([EMAIL PROTECTED]) [24/09/03 17:39]:
If anyone who attempts to distribute such a list is DoSed to oblivion,
people will stop being willing to distribute such a list. Yes, spam is an
economic activity, but spammers may engage in long-term planning. You can't
gateway.wcg.com (65.77.117.10) is being blacklisted by the
spamhaus service.
Can someone at Williams Communications get this taken care of?
Your mail server is being blocked by everyone who uses spamhaus
and it's delaying important mail from your company to one of our
customers.
gateway.wcg.com (65.77.117.10) is being blacklisted by the spamhaus
service.
Can someone at Williams Communications get this taken care of?
Your mail server is being blocked by everyone who uses spamhaus and it's
delaying important mail from your company to one of our customers.
Maybe I've missed something but since when did spamhaus become
vengeance oriented? All we try to do is eliminate as much spam
as we can using a wide variety of blacklists at the same time.
Thanks
[EMAIL PROTECTED] wrote:
Customers who use blacklists compiled by vengeance-oriented folk deserve
Maybe I've missed something but since when did spamhaus become vengeance
oriented? All we try to do is eliminate as much spam as we can using a
wide variety of blacklists at the same time.
The moment they started blacklisting IPs that never sent spam. (AKA
williams corporate mail servers).
In a message written on Wed, Sep 24, 2003 at 05:14:04PM -0400, [EMAIL PROTECTED] wrote:
The moment they started blacklisting IPs that never sent spam. (AKA
williams corporate mail servers).
For those who care:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL10731
I quote:
] WilTel
To put some semi-new information of the looping spam discussion;
Here is a breakdown of the junk that took the privilege of not arriving
to my inbox but taking a detour to the spam/virus trap in the last few
weeks:
| count| Country| asnumber | asdescription|
|
this is not without precedent..
Anyone from Cable and Wireless listening?
If I remember correctly, Cable and Wireless was blocked last year
or earlier this year by a similar ploy.
And I also seem to remember them making major
complaints over on the SPAM-L list..
Later,
J
-Original
Even though this is off topic, I'd have to say that this seems very odd from
SpamHaus. They never seemed to isolate entire ranges but seemed more
specific. I can also say they were very fast to remove issues once the
spammers were removed and were also quite helpful.
I wonder does this
On Wed, 24 Sep 2003 16:28:52 -0700 Scott Granados [EMAIL PROTECTED] wrote:
Even though this is off topic, I'd have to say that this seems very odd from
SpamHaus. They never seemed to isolate entire ranges but seemed more
specific. I can also say they were very fast to remove issues once the
On Wed, 24 Sep 2003 [EMAIL PROTECTED] wrote:
Customers who use blacklists compiled by vengeance-oriented folk deserve
what they get: No email.
Suggested solutions:
a) whitelist williams
b) stop using SBLs similar to spamhaus.
It is a question of trust: Do you trust spamhaus to block
On Wed, 24 Sep 2003, Leo Bicknell wrote:
Osama and his followers told us for years they didn't like what we
were doing, and then escalated by flying a plane into a building
to get our attention. That must have been ok by the same logic.
Godwin's Law should probably be extended to September
On Wed, Sep 24, 2003 at 08:01:48PM -0400, Leo Bicknell wrote:
What you're missing in my argument is that it doesn't matter. I
have no idea who Eddy Marin is, nor do I care. Blocking wcg's
corporate mail servers is not the solution. Sure, it may get
someone's attention at wcg, but it may
Andy Walden wrote:
Godwin's Law should probably be extended to September 11 references.
Walden's Corollary?
;-)
Eliot
On Wed, 24 Sep 2003 20:01:48 -0400, Leo Bicknell wrote:
Blocking wcg's corporate mail servers is not the solution.
It is the ONLY solution that works, as shown many times including
the case just posted to this list about Sprint.
Sure, it may get
someone's attention at wcg, but it may also
I know you all have probably already thought of
this, but can anyone think of a feasible way to run a RBL list that does not
have a single point of failure? Or any attackable entry?
Disregard this if I'm totally out of line, but it would seem
to me that this would be possible.
On Wed, 24 Sep 2003, Andy Walden wrote:
On Wed, 24 Sep 2003, Leo Bicknell wrote:
Osama and his followers told us for years they didn't like what we
were doing, and then escalated by flying a plane into a building
to get our attention. That must have been ok by the same logic.
Godwin's
Send RBL lists updates by email :)
I'm mostly serious - rbl lists can be easily incorporated as special filter
for email or it can run internal rbl (rbldns is very small code), emails
sent with specific characteristics can be filtered to trigger the update
(all such emails would need to be
I know you all have probably already thought of this, but can anyone think of a
feasible way to run a RBL list that does not have a single point of failure? Or
any attackable entry?
Subscription based and / or firewalled by approved IP?
Disregard this if I'm totally out of
Distribute the RBL list via Freenet ( http://freenet.sourceforge.net/ )
It's slow, but nearly impossible to suppress...
At 10:30 PM 9/24/2003 -0400, you wrote:
I know you all have probably already thought of this, but can anyone
think of a feasible way to run a RBL list that does
so far, the BIND8 code itself has been resistant to this feature, but...
see the current http://www.isc.org/products/BIND/delegation-only.html page.
On Wed, 24 Sep 2003 13:09:56 -, Stephen J. Wilcox [EMAIL PROTECTED] said:
for amusement thought the list might like to see my latest 419 email with not a
single african government official in sight. amused us all here anyhow, not seen
anything like this before!
I can do you one
Has anyone noticed excessively high latency between Global Crossing and
ATT? From what I've gathered, the PNIs between Global Crossing and ATT
are completely maxed out. The word is ATT will not increase peering
capacity with Global Crossing since they're in bankruptcy protection. I am
certain
On Wed, 24 Sep 2003, Eric Kuhnke wrote:
: Distribute the RBL list via Freenet ( http://freenet.sourceforge.net/ )
:
: It's slow, but nearly impossible to suppress...
If you're on [EMAIL PROTECTED], someone has created a whole
proposal about this. I offered Entropy
On Sep 24, 2003, at 11:55 PM, Steven Schecter wrote:
Has anyone noticed excessively high latency between Global Crossing and
ATT? From what I've gathered, the PNIs between Global Crossing and ATT
are completely maxed out. The word is ATT will not increase peering
capacity with Global
90 matches