Re: ISPs are asked to block yet another port

2003-06-24 Thread Christopher L. Morrow
On Tue, 24 Jun 2003, Paul Vixie wrote: > > > > Security is a lifestyle. > > > > People laugh when I say this, do they laugh when you say it? > > you have to turn it around, "insecurity is a lifestyle", before people > will skip the polite (because they think you're joking and it isn't > funny) o

Re: [RE: ISPs are asked to block yet another port]

2003-06-24 Thread Joshua Sahala
"Christopher L. Morrow" <[EMAIL PROTECTED]> wrote: > > > On Tue, 24 Jun 2003, gml wrote: > > > Security is a lifestyle. > > > > People laugh when I say this, do they laugh when you say it? usually they remember a very important event that must be attended to, and assure me that they do bel

Re: ISPs are asked to block yet another port

2003-06-24 Thread Paul Vixie
> > Security is a lifestyle. > > People laugh when I say this, do they laugh when you say it? you have to turn it around, "insecurity is a lifestyle", before people will skip the polite (because they think you're joking and it isn't funny) or nervous (because they think you're paranoid) laughter

RE: ISPs are asked to block yet another port

2003-06-23 Thread Christopher L. Morrow
:00 AM > To: Niels Bakker > Cc: [EMAIL PROTECTED] > Subject: Re: ISPs are asked to block yet another port > > > > > On Tue, 24 Jun 2003, Niels Bakker wrote: > > > > > * [EMAIL PROTECTED] (Christopher L. Morrow) [Mon 23 Jun 2003, 18:01 CEST]: > > [..] >

Re: ISPs are asked to block yet another port

2003-06-23 Thread Christopher L. Morrow
On Tue, 24 Jun 2003, Niels Bakker wrote: > > * [EMAIL PROTECTED] (Christopher L. Morrow) [Mon 23 Jun 2003, 18:01 CEST]: > [..] > > Two interesting points though: > > > > 1) Spammers adapt > > 2) default insecure OS installs cause problems > > Employees of XS4ALL, a Dutch ISP, today held several

Re: ISPs are asked to block yet another port

2003-06-23 Thread Niels Bakker
* [EMAIL PROTECTED] (Christopher L. Morrow) [Mon 23 Jun 2003, 18:01 CEST]: [..] > Two interesting points though: > > 1) Spammers adapt > 2) default insecure OS installs cause problems Employees of XS4ALL, a Dutch ISP, today held several talks about a variety of subjects for its customers to cele

Re: ISPs are asked to block yet another port

2003-06-23 Thread Paul Vixie
[EMAIL PROTECTED] (Jack Bates) writes: > There is another fix for it. If neither provider allowed spoofing, then > the individual couldn't send spoofed packets out one way and allow the > syn/ack back via the other. Of course, there are better reasons for > spoof protection ingress/egress than

Re: ISPs are asked to block yet another port

2003-06-23 Thread Christopher L. Morrow
On Mon, 23 Jun 2003, Paul Vixie wrote: > > > It's a sucky world sometimes. Perhaps Paul complained to > > ATT/ with logs and such? :) > > oh yes. i tried *several* ways to get their attention. however, this > kind of activity is so common these days that a noc literally has no > choice but to f

Re: ISPs are asked to block yet another port

2003-06-23 Thread Paul Vixie
> It's a sucky world sometimes. Perhaps Paul complained to > ATT/ with logs and such? :) oh yes. i tried *several* ways to get their attention. however, this kind of activity is so common these days that a noc literally has no choice but to focus their efforts on less common and more damaging th

Re: ISPs are asked to block yet another port

2003-06-23 Thread Jack Bates
Christopher L. Morrow wrote: This is what our, at least, abuse team calls 'fantasy mail'. There is a fix for it, port 25 in and out filtering for radius customers. The 'problem' as I understand it, is that the change would be a contract change so it has to wait for expiration of said contract to be

Re: ISPs are asked to block yet another port

2003-06-23 Thread Christopher L. Morrow
On Mon, 23 Jun 2003, Paul Vixie wrote: > > [EMAIL PROTECTED] ("Christopher L. Morrow") writes: > > > ISP's could block all ports and save everyone the hassle of having an > > Internet (I am just kidding of course) > > > > Two interesting points though: > > > > 1) Spammers adapt > > 2) defaul

Re: ISPs are asked to block yet another port

2003-06-23 Thread jlewis
On 23 Jun 2003, Paul Vixie wrote: > 3) thoughtless reactionism at isp's does little good and sometimes some harm. > > take for example port-25 blocking. i've been getting relayprobed all > weekend by someone who gets around outbound at&t's tcp/25 SYN blocking > by sending their SYN's through a

Re: ISPs are asked to block yet another port

2003-06-23 Thread Paul Vixie
[EMAIL PROTECTED] ("Christopher L. Morrow") writes: > ISP's could block all ports and save everyone the hassle of having an > Internet (I am just kidding of course) > > Two interesting points though: > > 1) Spammers adapt > 2) default insecure OS installs cause problems 3) thoughtless reac

Re: ISPs are asked to block yet another port

2003-06-23 Thread Jared Mauch
On Mon, Jun 23, 2003 at 03:59:56PM +, Christopher L. Morrow wrote: > On Mon, 23 Jun 2003, Sean Donelan wrote: > > http://www.lurhq.com/popup_spam.html > > > > How many ports should ISPs block? People still buy and connect insecure > > computers to the net. > > ISP's could block all ports and

Re: ISPs are asked to block yet another port

2003-06-23 Thread Christopher L. Morrow
On Mon, 23 Jun 2003, Sean Donelan wrote: > > http://www.lurhq.com/popup_spam.html > > How many ports should ISPs block? People still buy and connect insecure > computers to the net. > > ISP's could block all ports and save everyone the hassle of having an Internet (I am just kidding of cou

Re: ISPs are asked to block yet another port

2003-06-23 Thread Peter E. Fry
Sean Donelan wrote: > > http://www.lurhq.com/popup_spam.html > > "LURHQ Corporation has observed traffic to large blocks of IP addresses on > udp port 1026. [...] I haven't (yet) seen any scans of port 1026, but looking at my (home) logs I have seen several with a fixed source port of 1026 (d

Re: ISPs are asked to block yet another port

2003-06-23 Thread Edward Lewis
At 2:58 -0400 6/23/03, Jeff Kell wrote: And as was noted earlier, unconditionally blocking udp/1026 will cause a lot of collateral damage when udp/1026 outbound is used as an ephemeral port for a legitimate UDP-based service (DNS, NTP, etc). Jeff It's been a long time since I did any substantial BS

Re: ISPs are asked to block yet another port

2003-06-23 Thread Jeff Kell
The description by LURHQ is misleading. Messenger is an RPC service. Typical pop-up spammers queried 135 (Windows RPC portmapper) to find the port number of the messenger service, then send the message to that port. It turns out that messenger can "typically" be found on 1026. And as was note

Re: ISPs are asked to block yet another port

2003-06-22 Thread Tony Rall
On Monday, 2003-06-23 at 01:59 AST, Sean Donelan <[EMAIL PROTECTED]> wrote: > http://www.lurhq.com/popup_spam.html > > "LURHQ Corporation has observed traffic to large blocks of IP addresses on > udp port 1026. This traffic started around June 18, 2003 and has been > constant since that time. LU