On 3/17/04 7:48 PM, Bill Cole at [EMAIL PROTECTED] wrote:

> At 6:36 AM -0600 3/17/04, Larry Stone imposed structure on a stream
> of electrons, yielding:
>> I know this is somewhat off-topic for SIMS but since most of what I know
>> about blacklists I learned here, I'll post it here.
>>
>> Yesterday, for several hours, the IP address used by my SIMS server was
>> listed by cbl.abuseat.org (and of course, by xbl.spamhaus.org). The address
>> is actually a wireless NAT router with 3 Macs, 2 PCs, and 2 TiVos behind it.
>> The wireless gateway is using 128-bit encryption but until this morning, was
>> broadcasting the SSID.
>
> The real question is the key strategy for that wireless gateway.
> 128-bit WEP isn't a 10-second crack if you have MAC filtering (that's
> MAC not Mac) and aren't using 'open' authentication, and may be quite
> tough on a low-traffic network, but if your network is essentially
> open to anyone or even to anyone who can fake a MAC address, there's
> a reasonably strong chance that someone hopped on your insecure
> network and used your connection to spam through.

I wasn't aware 128-bit WEP was that insecure. I had assumed having a good
password was enough. I've now turned off SSID broadcast, changed the WEP
password, and turned on MAC filtering.

>> I immediately attempted to update the virus definitions on the PCs (Norton)
>> but they were up-to-date. Took the machines offline and ran full scans which
>> turned up nothing. If there's a virus here, Norton can't find it. Both PCs
>> are back on-line.
>
> Also run over them with Spybot AND AdAware. The AV companies don't
> like to call anything which has a known publisher a virus. There also
> is at least one spammer (Atriks) who is supposedly running a con
> whereby they get users to download their spamming agent to run in the
> background and supposedly make the idiot user some fraction of a cent

Will do. One further thing I've done is separate the clients from the server.
Since my provider nicely provides two IP addresses in my service and I had the
needed hardware to do it, the mail server now is on a separate address from
everything else. So assuming this was something from the client side, that
should minimize the damage to the server side of things. It will complicate
making backups since I do network backups and the backup software won't work
across different subnets, so I'll have to occasionally shut down the mail
server and move the server to the client subnet.

-- 
Larry Stone
[EMAIL PROTECTED]
http://www.stonejongleux.com/
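A defender-side self-check for the situation the thread describes, added here as an example (it is not code from the list or from Spamhaus): look up your own outbound address in xbl.spamhaus.org, the zone named in the post, and interpret the answer. It assumes the published Spamhaus return-code conventions (127.0.0.4-7 for XBL, 127.255.255.x for rejected queries); the 192.0.2.25 address is a constructed TEST-NET sample, and the `resolve` hook exists only so the logic can be exercised without network access.

```python
"""Check whether a mail server's IPv4 address is on a DNS blocklist (DNSBL).
Added example; cbl.abuseat.org is kept only because the post names it (its
data was folded into xbl.spamhaus.org)."""
import ipaddress
import socket
from typing import Callable, Optional

DNSBL_ZONES = ("xbl.spamhaus.org", "cbl.abuseat.org")

# Spamhaus conventions (assumed here): 127.0.0.4-7 = XBL (exploited or
# hijacked host); 127.255.255.x = the query was rejected, NOT a listing.
XBL_CODES = {"127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"}
ERROR_CODES = {
    "127.255.255.252": "typo in DNSBL zone name",
    "127.255.255.254": "query via open/public resolver refused",
    "127.255.255.255": "query limit exceeded",
}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """1.2.3.4 + xbl.spamhaus.org -> 4.3.2.1.xbl.spamhaus.org"""
    addr = ipaddress.IPv4Address(ip)  # rejects anything that is not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def interpret(answer: Optional[str]) -> str:
    """Map the A-record answer (None for NXDOMAIN) to a human verdict."""
    if answer is None:
        return "not listed"
    if answer in ERROR_CODES:
        return "lookup error: " + ERROR_CODES[answer]
    if answer in XBL_CODES:
        return "listed (XBL: exploited or compromised host)"
    return "listed (code %s)" % answer


def _dns_lookup(name: str) -> Optional[str]:
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None  # NXDOMAIN: address is not on this list


def check(ip: str, zone: str = DNSBL_ZONES[0],
          resolve: Callable[[str], Optional[str]] = _dns_lookup) -> str:
    """Look up ip in zone; resolve is injectable for offline testing."""
    return interpret(resolve(dnsbl_query_name(ip, zone)))


if __name__ == "__main__":
    print(check("192.0.2.25"))  # constructed TEST-NET sample address
```

Run it from the network whose address you are checking, or pass that address explicitly; a 127.255.255.x answer means your resolver was refused, not that you are clean.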
