On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:
Another thing that helps with easier identification is a practice some
ISPs have of inserting the MAC address of the host into the reverse DNS
record, with a short TTL. When a new host gets that IP, the MAC address
changes too. I have seen
Sean Donelan wrote:
In practice MAC address tracking only works for a few very specific ISP
architectures, such as when the ISP supplies the hardware used to connect
to the network.
I'm aware of these - but surely there's something about the user which
you can stick into rDNS (hashed / encrypted
Iljitsch van Beijnum wrote:
Coming up with new types of probes all the time to check for this would
be a huge amount of work.
Would that be any less work than clearing up the mess left by an
infestation of DDoS zombies? :)
I favor an approach where people no longer get to send data at high
On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:
The problem with trojans etc is that there are so damn many of them, so the
less time spent actually tracking down the user who was on IP X at time
Y, the better it is for the ISP's staffers who handle complaints about
these.
I have asked
This report has been generated at Sun Feb 8 20:47:27 2004 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table
Mikael == Mikael Abrahamsson [EMAIL PROTECTED] writes:
Mikael On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:
Mikael I have asked about this before. Wouldn't it be very nice if
Mikael there was a standardized way to report IP-number and
Mikael timestamp and type of complaint?
Now, from your logs, just how much legitimate mail do you get that comes
from an IP without PTR RR, and how much is that expressed as a
percentage of legitimate incoming mail to your lists? How much is that
as a percentage of spam inbound to your list [to be fair, let's make it
spam
On 8-feb-04, at 10:05, Suresh Ramasubramanian wrote:
Coming up with new types of probes all the time to check for this
would be a huge amount of work.
Would that be any less work than clearing up the mess left by an
infestation of DDoS zombies? :)
Apples and oranges. You need to clean up the
I'm aware of these - but surely there's something about the user which
you can stick into rDNS (hashed / encrypted if you like) that'll
identify the user?
The problem with trojans etc is that there are so damn many of them, so the
less time spent actually tracking down the user who was on IP X
Hi Mikael,
Aside from the standardization issue, some of the problems with reports as
they stand are that they can be routed to the wrong people, there is no
clear way of verifying the authenticity of the data, and the sheer number of
reports can inundate a given abuse helpdesk such that they
[EMAIL PROTECTED] (Sean Donelan) writes:
A Google search turned up http://www.unixwiz.net/techtips/pacbell-rdns.html
But wouldn't this defeat the very behavior you are depending on to
block mail? If every network administrator had reverse DNS for every
IP address, your check for systems
The 'nothing to do with me' mob are the major offenders, making up 90 per
cent of the 1,000 UK employees surveyed. This vast majority believe that
they have no part to play in preventing the spread of viruses, and that
it is the responsibility of the IT department, Microsoft or the government.
Paul == Paul Vixie [EMAIL PROTECTED] writes:
Paul that's one check of many. the PTR has to match the HELO, which
Paul means all of the worms and spammers who forge @yahoo.com
Paul addresses and use YAHOO.COM as their HELO will continue to get
Paul hammered.
If you're going to get picky
SD Date: Sun, 8 Feb 2004 15:41:53 -0500 (EST)
SD From: Sean Donelan
SD http://www.silicon.com/software/security/0,39024655,39118228,00.htm
Not surprising. In our experience, "I'm not concerned about
security, because I don't have anything really important on the
computer" is all too common of an
Hi, this may be premature;
The wireless in the bar is a little spotty - can someone maybe add an AP
or two?
Tim
SD Date: Sun, 8 Feb 2004 02:01:29 -0500 (EST)
SD From: Sean Donelan
SD Instead of Doubleclick tracking users with Cookies, they
SD would be able to track the unique computers from the MAC
SD address in the reverse DNS record over time.
A MAC address is six octets. Append time past Epoch when
the package in question (and maybe others do as well) has the option to
perform the reverse you describe. we tried the milder version first which
only verifies the ip sending the packets has a ptr - no domain xref. our
upstream provider is our alternate mx (with a higher pref, of course). any
Once upon a time, Andrew - Supernews [EMAIL PROTECTED] said:
If you're going to get picky about HELO names, then it's better to
require that the HELO has an A record pointing to the connecting IP,
rather than look at PTR.
That isn't necessarily a good test; for example, we've got a couple of
On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:
In practice MAC address tracking only works for a few very specific ISP
architectures, such as when the ISP supplies the hardware used to connect
to the network.
I'm aware of these - but surely there's something about the user which
you
On Sun, 8 Feb 2004, E.B. Dreger wrote:
SD Instead of Doubleclick tracking users with Cookies, they
SD would be able to track the unique computers from the MAC
SD address in the reverse DNS record over time.
A MAC address is six octets. Append time past Epoch when IP was
assigned; that's
Chris == Chris Adams [EMAIL PROTECTED] writes:
Once upon a time, Andrew - Supernews [EMAIL PROTECTED] said:
If you're going to get picky about HELO names, then it's better to
require that the HELO has an A record pointing to the connecting IP,
rather than look at PTR.
Chris That isn't
http://www.silicon.com/software/security/0,39024655,39118228,00.htm
The puzzling thing about this is the basic assumption (by the author of
the article) that computers are fragile and infection-prone and that users
who don't know how to protect them are somehow part of the problem.
At the
SD Date: Sun, 8 Feb 2004 17:43:34 -0500 (EST)
SD From: Sean Donelan
SD Again, why does an ISP need to spend the money and as you
SD point out the extra hassle, to do this? ISPs already have
SD all the information they need to trace a subscriber from the
SD IP address and timestamp.
I'm not
There is nothing wrong with a user who thinks they should not have to know
how to protect their computer from virus infections.
Thank you, you made my day! Now I know that my judgement isn't clouded by
the severe chest cold I am suffering from.
Adi
In this past year's tour of my friends and family, I've taken to
removing their antivirus software at the same time I remove their
spyware, and I've taken to installing Mozilla (with its IMAP client) as
a way to keep the machine from having any dependency on anti-virus
software. IT managers
There is nothing wrong with a user who thinks they should
not have to know how to protect their computer from virus
infections. If we (the community who provides them service
and software) can't make it safe-by-default, then the
problem rests with us, not with the end users.
This is
In article [EMAIL PROTECTED], Terry Baranski
[EMAIL PROTECTED] writes
Society as a whole could benefit from people taking more responsibility
for themselves -- the Internet doesn't seem any different in this
regard.
Which is fine (some would argue) as long as their irresponsibility
affects
On Sun, 8 Feb 2004 21:03:29 +0000 (GMT), E.B. Dreger wrote:
Most of our users are reasonable, however. With a little
explanation about the harm an insecure computer can cause, they
understand and accept the fact that they're not islands.
Of course, many still get infected with spyware and
PV Date: 08 Feb 2004 22:46:17 +
PV From: Paul Vixie
PV There is nothing wrong with a user who thinks they should not
PV have to know how to protect their computer from virus
PV infections. If we (the community who provides them service
PV and software) can't make it safe-by-default, then
On Mon, 09 Feb 2004 01:17:00 GMT, E.B. Dreger [EMAIL PROTECTED] said:
Cool. I guess I'll quit locking doors, leave valuable items
unsecured and unattended in plain sight, and generally rely on
law enforcement to keep everything safe. It'll be more
convenient and less effort for me.
On Sun, 8 Feb 2004, Paul Vixie wrote:
The puzzling thing about this is the basic assumption (by the author of
the article) that computers are fragile and infection-prone and that users
who don't know how to protect them are somehow part of the problem.
The way corporations solve the problem
In this past year's tour of my friends and family, I've taken to removing
their antivirus software at the same time I remove their spyware, and I've
taken to installing Mozilla (with its IMAP client) as a way to keep the
machine from having any dependency on anti-virus software. IT managers
Iljitsch van Beijnum wrote:
traffic. But how are you going to infect a million boxes if you can only
scan one address per second?
Maybe just infect a million windows boxes on your network with a trojan,
and then have the trojan phone home (say to an irc channel or a central
controlling server)
On Sun, 8 Feb 2004, Sean Donelan wrote:
Unfortunately, people want to install arbitrary software on their
computers and are willing to bypass every control to do it.
Which is rather interesting... As probably every person on this mailing
list does regularly, I end up sitting at a computer
Sean Donelan wrote:
But I still don't understand why an ISP unwilling to spend the money
to trace users with RADIUS or other existing methods is going to want
to spend money on interfacing their systems with Dynamic DNS servers and
All I'm saying, Sean, is that there should be a quick way (or even
Guðbjörn Hreinsson wrote:
ip ranges is sending worms and automatically disables those users... I see
no gain from adding anything in DNS, like reverse records.
well, rDNS is just one way. If you have some relatively automated (and
automatic, easy to trigger from your mailserver logs, your
In message [EMAIL PROTECTED], Mikael Abrahamsson writes:
On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:
The problem with trojans etc is that there are so damn many of them, so the
less time spent actually tracking down the user who was on IP X at time
Y, the better it is for the ISP's
In article [EMAIL PROTECTED], Charles Sprickman
[EMAIL PROTECTED] writes
So why the apparent lack of junkware? [on the Mac]
I presume this is because the marketers believe in the 80:20 rule, and
the Mac is well inside the 20.
--
Roland Perry
In message [EMAIL PROTECTED], Paul Vixie writes:
I think the tipping point went by a while ago, and that anyone who wants
their e-mail to be accepted will make sure their mail relay has a PTR and
that this PTR holds the same name used in the SMTP HELO command.
Of course, not all that
I think the tipping point went by a while ago, and that anyone who wants
their e-mail to be accepted will make sure their mail relay has a PTR and
that this PTR holds the same name used in the SMTP HELO command.
Of course, not all that long ago AT&T Worldnet got crucified -- on this
On Sun, Feb 08, 2004 at 08:29:17PM +, Paul Vixie wrote:
[EMAIL PROTECTED] (Sean Donelan) writes:
A Google search turned up http://www.unixwiz.net/techtips/pacbell-rdns.html
Or do we actually want a Fortune 1000 network. Direct communications
are prohibited between most users.
On Sun, 08 Feb 2004 21:10:50 PST, Lou Katz [EMAIL PROTECTED] said:
The side effect of this are truly chilling - no more peer-to-peer, and private
conversations are now the property of others.
Phil Zimmerman has a solution for the second part there.
The loss of peer-to-peer is however a bit
On Sun, 8 Feb 2004, Paul Vixie wrote:
: http://www.silicon.com/software/security/0,39024655,39118228,00.htm
:
: The puzzling thing about this is the basic assumption (by the author of
: the article) that computers are fragile and infection-prone and that users
: who don't know how to protect