Re: XSServer / Taking down a spam friendly provider
On Wed, Oct 26, 2011 at 10:12:33AM -0400, Chris wrote:

> Before somebody screams the path of least resistance of "just install
> Akismet or (insert spam plugin here)", that type of thinking just
> makes spam even worse because we just keep large, possibly stale,
> databases of IP addresses that may or may not be active spammers and
> does not address the issue.
>
> Does anyone have any recommendations
>
> Examples of the offending IPs are:
> 109.230.216.225
> 109.230.220.34
> 109.230.217.166
> 109.230.220.95

All four addresses are in the Spamhaus sbl-xbl list. It would take ~10 lines of python in your cgi program to work this out.

Nicolai
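The "~10 lines of python" the reply alludes to, as an added example that is not part of the original post: it builds the reversed-octet DNSBL query name, interprets the 127.0.0.x answer, and first checks the zone against the documented Spamhaus test entries (127.0.0.2 must be listed, 127.0.0.1 must not), so a responder that says "listed" for every query, like the hijacked one described later on this page, is not trusted. Only the zone name comes from the reply; failing open on a failed self-test and the sample answers are assumptions of this example.

```python
import ipaddress
import socket

ZONE = "sbl-xbl.spamhaus.org"   # the list named in the reply

def dnsbl_name(ip, zone=ZONE):
    """Reverse the octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")  # rejects junk
    return ".".join(reversed(octets)) + "." + zone

def lookup(ip, resolve=socket.gethostbyname, zone=ZONE):
    """Return the 127.0.0.x return code if `ip` is listed, else None."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return None                      # NXDOMAIN: not listed
    if ipaddress.IPv4Address(answer) not in ipaddress.IPv4Network("127.0.0.0/8"):
        # DNSBLs only ever answer 127.0.0.x; anything else is a broken or
        # wildcarding resolver, not a listing.
        raise RuntimeError(f"unexpected DNSBL answer {answer!r}")
    return answer

def zone_sane(resolve=socket.gethostbyname, zone=ZONE):
    """Spamhaus documents 127.0.0.2 as always listed and 127.0.0.1 as never
    listed; a responder that gets either wrong cannot be trusted."""
    return (lookup("127.0.0.2", resolve, zone) is not None
            and lookup("127.0.0.1", resolve, zone) is None)

def is_listed(ip, resolve=socket.gethostbyname, zone=ZONE):
    """The verdict a CGI script would act on. Fails open when the zone fails
    its self-test (a design choice assumed here, not Spamhaus guidance)."""
    return zone_sane(resolve, zone) and lookup(ip, resolve, zone) is not None

def table_resolver(table):
    """Offline stand-in for socket.gethostbyname, for tests and the demo."""
    def resolve(name):
        if name in table:
            return table[name]
        raise socket.gaierror(f"no such name: {name}")
    return resolve

# Constructed sample answers, not live data: the four IPs from the post plus
# the documented 127.0.0.2 test entry, all listed with return code 127.0.0.2.
SAMPLE = {dnsbl_name(ip): "127.0.0.2" for ip in
          ("109.230.216.225", "109.230.220.34", "109.230.217.166",
           "109.230.220.95", "127.0.0.2")}
```

Against a live zone, call is_listed(client_ip) with the default resolver; the table resolver exists only so the logic can be exercised without network access.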
Re: [SHAME] Spam Rats
On Thu, Jan 10, 2013 at 12:58:59PM +1000, Julian DeMarchi wrote:

> This is the first RBL I have seen list a /24 for lack of PTRs.

Maybe because it's redundant: a PTR check should be automatic on any incoming SMTP connection. Just think of all the traffic their survey tool generated in compiling this totally useless list. The humanity!

Nicolai
BGP hijack of Spamhaus?
Hi all,

Regarding the Spamhaus DDoS attack, there's a Cisco article [0] detailing its chronology, which cites greenhost.nl [1] claiming a BGP hijack by AS34109 (CB3ROB). Here, a /32 was announced (and accepted...) for 0.ns.spamhaus.org, and the fraudulent server returned 127.0.0.2 for *all* DNSBL queries, with the intent to undermine confidence in Spamhaus.

Are there any confirmations of this claim? This needs to be investigated and proven/disproven.

Nicolai

0. http://blogs.cisco.com/security/chronology-of-a-ddos-spamhaus/
1. https://greenhost.nl/2013/03/21/spam-not-spam-tracking-hijacked-spamhaus-ip/
Re: BGP hijack of Spamhaus?
On Fri, Mar 29, 2013 at 07:14:52PM +0100, Job Snijders wrote:

> Hi Nicolai,
>
> It really happened, here are my notes.
>
> http://instituut.net/~job/cb3rob-spamhaus-hijack-21-mar-2013.txt

Thanks again for this, Job. (Other response in private mail.)

I just wanted to note for anyone interested, there's another article stating that AS34109 (CB3ROB) had also recently hijacked 205.19.72.0/23, owned by the DoD, over the two week period from March 7-21.

http://www.bgpmon.net/looking-at-the-spamhouse-ddos-from-a-bgp-perspective/

Nicolai
nanog@nanog.org
On Tue, Feb 07, 2012 at 10:20:07PM -0500, Ryan Rawdon wrote:

> Assuming it is not a futile/wasted effort, where is the current best
> place/resource to report an active botnet C&C to?

I don't know if there's a single best option, but there are several good ones. In addition to Cymru I'd mention abuse.ch, which runs several public botnet C&C trackers.

http://www.abuse.ch

Nicolai
Re: Operation Ghost Click
On Fri, Apr 27, 2012 at 11:14:40PM -0500, A. Pishdadi wrote:

> At some point in like 10 years when all the computer illiterate people are
> gone there will be no more excuses for not being educated on malware and
> viruses.

The "non-techies" I know would consider switching from IE to Firefox a major change, one they think would qualify as a technical achievement. If you ask people about the underlying technical aspects of the software or hardware they use, most will know very little, if anything. Some won't even understand the question.

On a weirdly related note, here's a story from a friend of mine who is a high school teacher. He told me once that a significant number of his students believe that the *original source* of food is a grocery store. Not a farm, but the food literally comes into being on a shelf in the produce section or meat counter.

It all comes down to a lack of interest in what's going on under the hood, and this disinterest won't be gone in 10, 20, or 50 years. It's actually deepening as time goes on.

Nicolai
Re: Cogent for ISP bandwidth
On Mon, May 14, 2012 at 09:38:34PM -0500, Ameen Pishdadi wrote:

> No way they stack up against level3 or any of the other 4 big tier 1s
> but if you throw them in a blend with level3 there shouldn't be any
> issue and I wouldn't pay more than .75 cents a meg for a gig

That's $7.50 per 1000mbps. Sign me up!

Nicolai
Re: Please, talk me down.
On Wed, Oct 17, 2012 at 03:35:11AM +0000, Joseph Anthony Pasquale Holsten wrote:

> First off, I'm using djbdns internally and it doesn't support AAAA
> records. So we really aren't using it internally.

I assume you mean stock djbdns doesn't support ip6, because it does indeed support AAAA records. I use both dnscache and tinydns from djbdns and AAAA records work fine for me. Note: I'm not using Felix von Leitner's ip6 patch.

$ dig aaaa chocolatine.org +short
2610:130:103:e00:201:2ff:fe45:8308

Resolver is dnscache, authoritative server is tinydns. No problem.

I think the problem you're experiencing, if there is one, is not related to either djbdns or ip6.

Nicolai
Re: Please, talk me down.
On Sun, Oct 21, 2012 at 10:09:24PM +1100, Jay Mitchell wrote:

> On 18/10/2012, at 7:44 AM, Nicolai wrote:
>
> > I assume you mean stock djbdns doesn't support ip6, because it does
> > indeed support AAAA records.
>
> Actually, it doesn't, as you so kindly pointed out. It does WITH a patch.

No. djbdns 1.05 supports AAAA records as anyone can verify. To make sure myself I just downloaded stock djbdns from the cr.yp.to website, installed, and ran some queries. Works as it always has.

$ dig aaaa he.net +short
2001:470:0:76::2

That's an unpatched, stock dnscache.

John Levine already described in this thread how tinydns supports AAAA records, so there's no point going over it again. I only responded to this thread to correct misinformation. sigh

As an aside, you may want to fix your DNS, as some mail receivers don't like this:

$ dig -x 72.249.91.101 +short
static.serversandhosting.com.
$ dig a static.serversandhosting.com +short
72.249.3.27

Nicolai
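What the aside at the end shows is a failed forward-confirmed reverse DNS (FCrDNS) check: the PTR name resolves, but to a different address. As an added example that is not from the original thread, this Python implements the check a receiving MTA performs, with injectable resolvers so it runs offline on constructed data reproducing the post's dig output; the 192.0.2.x and example.net entries are made up for the other outcomes, and only IPv4 is handled.

```python
import socket

def fcrdns(ip, resolve_ptr=socket.gethostbyaddr, resolve_a=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS for an IPv4 client.

    Returns (status, ptr_name) where status is 'ok' (the PTR name resolves
    back to `ip`), 'no-ptr', 'no-forward' (PTR name has no A record) or
    'mismatch' (PTR name resolves, but not to `ip`). Some receivers reject
    or greylist on anything but 'ok'.
    """
    try:
        name = resolve_ptr(ip)[0].rstrip(".")
    except socket.herror:
        return "no-ptr", None
    try:
        forward = set(resolve_a(name)[2])
    except socket.gaierror:
        return "no-forward", name
    return ("ok" if ip in forward else "mismatch"), name

def from_table(table, error):
    """Offline stand-in for socket.gethostbyaddr / gethostbyname_ex: answer
    from a dict in the same (name, aliases, addresses) shape, or raise."""
    def resolve(key):
        if key in table:
            return table[key]
        raise error(1, f"not found: {key}")
    return resolve

# Constructed sample data. The first PTR/A pair reproduces the dig output in
# the post; the rest (192.0.2.x, example.net) is made up for the other cases.
PTRS = {
    "72.249.91.101": ("static.serversandhosting.com", [], ["72.249.91.101"]),
    "192.0.2.25": ("mail.example.net", [], ["192.0.2.25"]),
    "192.0.2.7": ("ghost.example.net", [], ["192.0.2.7"]),
}
ADDRS = {
    "static.serversandhosting.com": ("static.serversandhosting.com", [], ["72.249.3.27"]),
    "mail.example.net": ("mail.example.net", [], ["192.0.2.25"]),
}
SAMPLE_PTR = from_table(PTRS, socket.herror)
SAMPLE_A = from_table(ADDRS, socket.gaierror)

if __name__ == "__main__":
    for ip in ("72.249.91.101", "192.0.2.25", "192.0.2.7", "192.0.2.99"):
        print(ip, *fcrdns(ip, SAMPLE_PTR, SAMPLE_A))
```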
Re: GMail contact - misroute / security issue
On Sun, Sep 28, 2014 at 10:42:56PM -0500, Grant Taylor wrote:

> Specifically she is receiving emails for name>@gmail.com (no dots) when her email address is really name>..@gmail.com (dots).
>
> I don't know if this is a "feature" or a "bug", but either way, it's
> disquieting my wife. (Unhappy wife = unhappy life.)

Have your wife log in while omitting the dots, using e.g. "janeqpublic" instead of "jane.q.public" as the username. She'll see there's only one account, and it's hers, and that someone just typed the wrong address.

Most likely reason: gmail is so common that someone mistypes johnsm...@example.com as johnsm...@gmail.com, not paying attention to what they're doing. It happens.

Nicolai
Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)
On Thu, Jun 20, 2013 at 05:28:17PM -0400, valdis.kletni...@vt.edu wrote:

> It's relatively small when you consider there's something like 140M .com's

Just FWIW, the current size of .com is roughly 109M domains. Someday it will reach 140M but not today.

Nicolai
Re: The US government has betrayed the Internet. We need to take it back
On Fri, Sep 06, 2013 at 02:27:32PM +0000, Naslund, Steve wrote:

> If everyone cancelled their gmail accounts, stopped using Google search,
> and stopped paying for Google placement and ads, their stock would go to
> zero nearly overnight. Again, no one seems to care about the issue
> enough to do this because I have seen no appreciable backlash against
> these companies.

I think Joe 6mbps sitting at home reads that everything he uses has been subverted. He doesn't know what alternatives exist, and doesn't have the technical knowledge necessary to find them on his own. And faced with a false choice -- stop using the Internet, or continue using it as he knows how -- he chooses the one that retains his ability to communicate with family and friends and keep up on the things he cares about.

Schneier is saying we need to build better options for Joe 6mbps, competing with the PRISM-compatible services, so that privacy-respecting services become known and commonplace.

Nicolai
Re: The US government has betrayed the Internet. We need to take it back
On Fri, Sep 06, 2013 at 01:52:16PM -0400, Sam Moats wrote:

> The problem being is when you do have a provider that appears to be
> secure and out of reach, think lavabit, that provider will not survive
> for long.

That's true -- it is far easier to subvert email than most other services, and in the case of email we probably need a wholly new protocol. But many or most services can be sufficiently improved, and that's the goal: improvement.

http://prism-break.org/ lists examples of this improvement.

Nicolai
Re: The US government has betrayed the Internet. We need to take it back
On Fri, Sep 06, 2013 at 12:03:56PM -0700, Michael Thomas wrote:

> On 09/06/2013 11:19 AM, Nicolai wrote:
> > That's true -- it is far easier to subvert email than most other
> > services, and in the case of email we probably need a wholly new
> > protocol.
>
> Uh, a first step might be to just turn on [START]TLS. We're not using the
> tools that have been implemented and deployed for a decade at least.

Agreed. Although some people are uncomfortable with OpenSSL's track record, and don't want to trade system security for better-than-plaintext network security.

But the deeper issue is coercing providers to give up mail stored on private servers, bypassing the network altogether. TLS doesn't address this problem.

Short term: deploy [START]TLS. Long term: we need a new email protocol with E2E encryption.

Nicolai
Re: OpenNTPProject.org
On Tue, Jan 14, 2014 at 09:18:30AM +0200, Saku Ytti wrote:

> DNS, NTP, SNMP, chargen et al. could trivially change to QUIC/MinimaLT
> or compared, getting same 0 RTT penalty as UDP without reflection
> potential.

I wouldn't say trivial, but QUIC and MinimaLT are hopefully the future. The near future, I hope!

For now I'd just like to mention that OpenNTPD, from the OpenBSD project, is immune to the kind of large NTP amplification attacks now being discussed. It's certainly a good fit for some organizations/setups.

http://www.openntpd.org

Nicolai