[plug] Blacklisted mail server?
Ben Jensz
plug at jensz.id.au
Sat May 6 13:24:25 WST 2006
Alex Nordstrom wrote:
> Either way, the person responsible for the system can't do anything
> about it unless they know about it.
>
>
This is true. Unfortunately some ISPs don't take this seriously at
all. I've personally found the worst offender for this in Australia to
be Bigpond. They are the largest ISP in the country and their abuse
reporting system is pathetic.
There are a number of other ISPs in Australia that do deal with abuse
responses appropriately and even an automated response is better than
nothing. At least then you have an acknowledgment that they do have a
system for handling abuse reports - even if you don't get a human response.
> Bot nets operate by using exploited systems to find other exploitable
> systems, so if you stop one, you *will* prevent some others from being
> exploited. It seems like you're saying that it's such a big problem
> that we should ignore it.
>
No, I'm not saying that. I'm saying that these are all reactive
responses to a problem that has already taken place. Basically all
you're doing is putting out the spot fires, when the person with the
matches is still running loose. Unfortunately it's too easy for
companies to make money out of sending spam and get away with it (both
the spammers, and the companies whose goods/services are being flogged off).
> I don't particularly care where spam or security attacks originate. I
> have only two .au e-mail addresses out of just over a dozen, so those
> who target Australian addresses in particular are not of any special
> interest to me. Also, I do get plenty of DDoS attempts and SSH attack
> attempts from within Australia, probably proportional to what you see
> from European countries when adjusted for infrastructure size.
>
>
With probably a fair amount of these probes being from compromised
systems anyway. So you'll never really track down the person(s)
responsible. But the more compromised systems that are taken down, the
better, no matter where they are.
>
> So since reporting exploit attempts from Australian systems doesn't
> reduce spam sent to Australians, I shouldn't bother?
>
>
Yes, you should bother. Every bit does help, but unfortunately because
of all of the people / providers who don't care - I don't see the
situation getting better anytime soon unfortunately.
> Yes, II Net blocks 22, 25, 80 (and perhaps a few more) by default. I
> just wish more ISPs would block UDP 1900 as well. I think few people
> realise how frequently used that vulnerability is, and there's no reason
> for a LAN discovery protocol to traverse the Internet.
>
>
It's probably far less of a risk to the majority of end users than a lot
of other exploits that are blocked. Some of this comes back to software
companies though, and them taking responsibility for their bug ridden
software that allows these exploits to take place at all.
>
> And they will never do that unless their ISPs show them that they are
> accomplices in computer intrusions and porn spam operations, which is
> why ISPs need to take a more active stance, grow some balls, and start
> following up on offenders that just happen to be their customers.
>
>
But your typical user isn't going to understand this. They don't see
this as being something they have done to cause these sort of things
from happening. You can't really label them as offenders, essentially
they are victims as well. Even if it is through lack of education about
these sort of issues.
>
> A well-configured Linux system *is* a firewall. The reason Windows needs
> firewalls is to prevent programs and malware from listening to ports
> they shouldn't be listening to. It's the same ex post facto approach as
> using anti-virus programs instead of fixing the security holes.
>
But viruses will always exist, and often the most successful ones
require user intervention to be executed in the first place. So as
such, there is no security hole to exploit for a virus to spread if it
requires a user to open the attachment. Having security holes does make
it easier for things to be exploited, but people will always be the main
factor.
It could be argued that a well-configured Windows system will be fairly
safe as well. The problem is that the majority of Windows systems
aren't well-configured.. because they are left at default settings for
everything.
/ Ben