Paul Vixie wrote:
so, we know that a "broadband customer netblock" operator will not
handle complaints, will not fix the systems that are known to be
running third-hand malware, and that the only recourse against abuse
from those places is blackholing them one (ipv4) /32 at a time, or
blackholing
On Mon, Apr 19, 2004 at 08:50:34AM +0300, Petri Helenius wrote:
> > Let's face it -- this shouldn't have to be the ISP's problem.
> > Microsoft needs to quit rushing out new OS releases without properly
> > straining them and stress testing to find as many holes as they can.
> > They need to st
Brandon Shiers wrote:
Let's face it -- this shouldn't have to be the ISP's problem.
Microsoft needs to quit rushing out new OS releases without properly
straining them and stress testing to find as many holes as they can.
They need to start cracking down on themselves and really start
worrying
I think something like this would be best (safest?) used on collection
mx hosts.. hosts that clients would not connect with to send mail.. just
other servers delivering mail inward.. I personally can't imagine why
someone would want to use a win95/98/Me system as a mta.. so this
probably would
> Patrick W.Gilmore wrote:
> The point still stands - without real multi-homing
> so I do not have to be dependent upon a single
> vendor, IPv6 is simply not an option.
> Quick Meta-Question: Why was was this even
> considered when v6 was being engineered?
Yes, although the magnitude of the probl
Thanks, Joe.
A couple of extra points -
Joe Abley <[EMAIL PROTECTED]> wrote:
> - Exim Mail Server
This tutorial is by Philip Hazel, the author of the exim mailserver.
> - APCAUCE tutorials and meeting
Agenda being finalized - please watch http://www.apcauce.org for
details.
srs
[forwarded on behalf of the organisers]
---
SANOG IV
23-30 July, 2004
Kathmandu, Nepal
SANOG IV Program and Registration Announcement
South Asian Network Operators Group (SANOG) IV program and agenda are
now published on http://www.sanog.org/sanog4/. The registration has
also now been opened.
On Apr 18, 2004, at 11:40 PM, Matt Hess wrote:
I was amused at this and decided to look real quick.. OpenBSD's pf can
block on OS fingerprints.. effectively doing exactly what you are
kidding about (at least I'd hope so.. well, maybe) even in the man
page example they put:
# Do not allow Wind
On Apr 18, 2004, at 1:06 PM, Iljitsch van Beijnum wrote:
On 18-apr-04, at 12:16, Patrick W.Gilmore wrote:
Those are semi-nice features. Not sure I would use it as an excuse
to migrate, though, since the need for them can easily be avoided in
v4.
Sure. But I do find myself saying "if we were do
Yes I was being mostly facetious. But as others pointed out-
Micro$not is as much to blame for the spam problem as Road Runner and
CommieCast with their extremely shoddy software. Open proxies, worms,
relays, spyware ad nauseum.
I was amused at this and decided to look real quick.. OpenBSD's p
I was amused at this and decided to look real quick.. OpenBSD's pf can
block on OS fingerprints.. effectively doing exactly what you are
kidding about (at least I'd hope so.. well, maybe) even in the man page
example they put:
# Do not allow Windows 9x SMTP connections since they are typically
On Sun, 18 Apr 2004 23:16:36 -0400 (EDT)
Sean Donelan <[EMAIL PROTECTED]> wrote:
Should ISPs start requiring their users to install Windows XP SP2?
IMHO:
Not if they want to stay in business. Our customer base is probably
80%Win 9x users. I can't speak for everybody else, but I would be
will
> Sean Donelan
> Should ISPs start requiring their users to install Windows XP SP2?
Most of those of us that work with m$ products on a daily basis are not
too hot about installing beta code in production. A week after m$
releases it, and after carefully listening to the volume of screams
coming
I haven't seen it mentioned yet but I believe that some may be looking
for something like the lists at: http://www.blackholes.us/ and if it has
been mentioned already I apologize for the duplicate.
Doug White wrote:
:
:
:
: Lou Katz wrote:
: >
: > On Sun, Apr 18, 2004 at 02:01:45PM -0400, J
On Sun, 18 Apr 2004, Doug White wrote:
> I likewise would like to see a better way - but changing the whole internet is
> completely illogical.
> Educating the masses is the same.
> As soon as I see a solution that will work, I will probably try to implement it
> on my system.
Abbot and Costello
:
: That's why I keep advocating better ways to identify the specific sources
: of the unwanted traffic, even if they change IP addresses. That way you
: could positively block the infected computers from not only mail but
: anything else you don't want to supply (no more GOOGLE/YAHOO/CNN for you
On Sun, 18 Apr 2004, Doug White wrote:
> Well, Paul did advance a methodology - blackhole them all
If Paul came up with a practical way to fix millions of compromised
computers which didn't involve hiring entire second-world countries
to talk grandma through the process, I think many people woul
:
:
:
: Lou Katz wrote:
: >
: > On Sun, Apr 18, 2004 at 02:01:45PM -0400, Jerry Eyers wrote:
: > >
: > > >Spamming is pervasive mainly due to the inattention or failure to
enforce
: > > >acceptable use policies by the service provider.
: > >
: > > I must point out that this statement is just fla
Lou Katz wrote:
>
> On Sun, Apr 18, 2004 at 02:01:45PM -0400, Jerry Eyers wrote:
> >
> > >Spamming is pervasive mainly due to the inattention or failure to enforce
> > >acceptable use policies by the service provider.
> >
> > I must point out that this statement is just flat wrong.
> >
> > Spam
> Be careful about the slice and dice effect. Depending on how you divide
> up the numbers you can make any thing come out on top. In some sense
> the problem is a lot worse. Its not just spam, worms, viruses. Its not
> just residential broadband users. Its not even just Microsoft Windows.
w
On Sun, 18 Apr 2004, Alex Bligh wrote:
> Whilst that may gave you some heuristic help, I'm not sure
> about the language. HINFO used that way neither /authenticates/
> the address (in any meaningful manner as the reverse DNS holder
> can put in whatever they like), nor does it /authenticate/ the
>
> william(at)elan.net wrote:
> Like what? 128bit ip addresses so we don't run out 10 years from now?
Maybe. Given the current stockpiling plus the extension of IPv4 to 32
bits to 48 bits (32 bits+port) that shortage that we have heard for the
last 10 years would happen any time soon might not eve
On Sun, 18 Apr 2004, Michel Py wrote:
> - Tomorrow, IPv4 will get the small upgrades that are needed.
Like what? 128bit ip addresses so we don't run out 10 years from now?
Or ability to do QoS PtP over internet? Or security that is built in and
not part of additional layer?
Perhaps ipv6 has
this gibberish...
>Spamming is pervasive mainly due to the inattention or failure to enforc=
e=0D
>acceptable use policies by the service provider. =0D
=0D
...is unreadable, and so is...
>Spamming is pervasive mainly due to the inattention or failure t=
o enforce
>acceptable use
On Sun, 18 Apr 2004, Iljitsch van Beijnum wrote:
> Sure. But I do find myself saying "if we were doing IPv6 right now
> we wouldn't have this problem" more and more.
Which problem is that? ;)
(and if it involves NAT... sorry, no.)
> See http://countipv6.bgpexpert.com/. The different numbers u
On Sun, 18 Apr 2004, Sean Donelan wrote:
> I suggested using something like HINFO in the in-addr.arpa address
> zones for service providers to give similar information about IP
> addresses. Yes, I know, using DNS for yet something else. LDAP or
> RWHOIS or any other global mechanism could be use
[consolidated some posts]
> Alex Bligh wrote:
> As an IPv6 skeptic I would note that some protocols NAT
> extremely badly (SIP for instance), and the bodges to fix
> it are costly. So if IPv6 means I can avoid NAT, that can
> actually save $$$.
Likely the market will find some other way, which i
> >Renumbering is much easier.
>
> I like this one.
Now this is a funny one about IPv6.
How is renumbering *any* easier than IPv4? Yes you have autoconf
based on route advertisements/solicits on the client end from the
routers, but how is that any different than IPv4+DHCP?
Is it perhaps b/c IPv
On Sun, 18 Apr 2004 14:01:45 -0400 (Eastern Daylight Time), Jerry Eyers wrote:
>>Spamming is pervasive mainly due to the inattention or failure to enforce
>
>>acceptable use policies by the service provider.
>
>I must point out that this statement is just flat wrong.
It's flat right. See docum
On 18 Apr 2004 06:13:35 +, Paul Vixie wrote:
>The new motto here is: "Blackhole 'em all and let market
forces sort 'em out."
Hooray.
May Comcast rot in hell. They are completely irresponsible.
Don't even send an auto-ignore message.
Jeffrey Race
On Sun, Apr 18, 2004 at 02:01:45PM -0400, Jerry Eyers wrote:
>
> >Spamming is pervasive mainly due to the inattention or failure to enforce
> >acceptable use policies by the service provider.
>
> I must point out that this statement is just flat wrong.
>
> Spamming exists because spamming wor
> Cost transference. The cost of Spam via postal mail is borne by the
sender.
> When sent via email, the cost is shouldered by the recipient.
It is not perfect comparation. For both, e-mail and post-mail, recipient
pays the same cost for sorting mail , mail box etc. But, for e-mail, sender
pays n
>Spamming is pervasive mainly due to the inattention or failure to enforce
>acceptable use policies by the service provider.
I must point out that this statement is just flat wrong.
Spamming exists because spamming works. Why do spammers send
out millions of emails? Because thousand
On 18-apr-04, at 12:16, Patrick W.Gilmore wrote:
[...]
Those are semi-nice features. Not sure I would use it as an excuse to
migrate, though, since the need for them can easily be avoided in v4.
Sure. But I do find myself saying "if we were doing IPv6 right now we
wouldn't have this problem" m
On Sun, 18 Apr 2004, Iljitsch van Beijnum wrote:
> Let me count the ways... At home it's great because of the extra
> address space. I have a /29 at home, which is pretty luxurious
> compared to what most people have, but not nearly enough to give
> all my boxes a real address if I turn them all
> Maybe a stupid question... But if broadband providers aren't going to do
> this, and considering there are way less legitimate SMTP senders than
> broadband users, wouldn't it make more sense to whitelist known real SMTP
> sources rather than blacklist all addresses that potentially have a fake
On Apr 18, 2004, at 4:32 AM, Iljitsch van Beijnum wrote:
On 18-apr-04, at 4:48, Paul Jakma wrote:
Well, let's be honest, name one good reason why you'd want IPv6
(given you have 4)?
Let me count the ways... At home it's great because of the extra
address space. I have a /29 at home, which is pre
On 18-apr-04, at 16:55, Paul Vixie wrote:
we already know that the average broadband provider is not even aware
of their
role in the overall spam problem, and does not have the budget to
employ
anyone who could (a) become aware of an HINFO-like registry, (b) know
what
category their netblocks b
> > ... Margin pressure makes it impossible for most "broadband" service
> > providers to even catalogue known-defect customer systems or process
> > complaints about them.
>
> What is the estimated cost per subscriber of such an operation in your
> opinion and where should it be to make it feasib
> I suggested using something like HINFO in the in-addr.arpa address
> zones for service providers to give similar information about IP
> addresses. Yes, I know, using DNS for yet something else. LDAP or
> RWHOIS or any other global mechanism could be used.
more uses for dns is actually a good
Paul Jakma wrote:
Well, let's be honest, name one good reason why you'd want IPv6
(given you have 4)? And, to be more on-topic, name one good reason
why a network operator would want it? Especially given that, apart
from the traditional bleeding edges (academic networks), no customers
are asking f
At 10:32 AM +0200 4/18/04, Iljitsch van Beijnum wrote:
> And customers who do ask, are routinely turned down.
Change providers. A request for new functionality from existing
customers may not always get the attention it deserves, but I don't
know of a provider that doesn't sit up and pay atten
--On 18 April 2004 02:56 -0400 Sean Donelan <[EMAIL PROTECTED]> wrote:
If you don't want to accept connections from indeterminate or
unauthenticated addresses, its your choice.
Whilst that may gave you some heuristic help, I'm not sure
about the language. HINFO used that way neither /authenticat
--On 18 April 2004 03:48 +0100 Paul Jakma <[EMAIL PROTECTED]> wrote:
Well, let's be honest, name one good reason why you'd want IPv6
(given you have 4)?
As an IPv6 skeptic I would note that some protocols NAT extremely badly
(SIP for instance), and the bodges to fix it are costly. So if IPv6 mea
Paul Vixie wrote:
So-called "broadband" user populations (cable, dsl, fixed wireless, mobile
wireless) are full time connected, or nearly so. They are technically
unsophisticated, on average. The platforms they run trade convenience for
security, and must do so in order to remain competitive/rel
So-called "broadband" user populations (cable, dsl, fixed wireless, mobile
wireless) are full time connected, or nearly so. They are technically
unsophisticated, on average. The platforms they run trade convenience for
security, and must do so in order to remain competitive/relevant. Margin
pre
On 18-apr-04, at 4:48, Paul Jakma wrote:
Oh oh I see another one taking the path that leads to the dark side.
Michel, you forgot to include the audio:
http://www.bgpexpert.com/darkside.mp3
Well, let's be honest, name one good reason why you'd want IPv6
(given you have 4)?
Let me count the ways..
47 matches
Mail list logo