lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: emvs.fd.3FB4D11C at cpo.tn.tudelft.nl (Erik van Straten) Subject: Proposal: how to notify owners of compromised PC's On Wed, 28 Jan 2004 17:19:08 +0100 Thomas Zangl wrote: >Erik van Straten wrote: >>If major sites like Google, MSN etc. would query rapid DSL and dialup >>blacklists, they could visually inform the visitor that their PC is >>listed (+ inform them what to do, direct them to online AV etc). > >Bad idea! Think about all those hosts listed in a RBL and the users can't >do anything about it? Especially dailup/dsl users with dynamic IP's. So, >I see a warning that my IP is blacklisted because of some idiot spamming >around with my current IP hours ago? > >A working solution (practiced at the TU Graz / Austria) would be an open >mail relay for every user in the ISPs address space and block all outgoing >connections to port 25. The users will be forced to use the ISPs relay and >can't send out virii/[apply your favorite filter rule here] etc... Indeed. Dynamic IP's *should* be behind such a block (think outbound AV, spamfilter and ratelimiting). Then *they* won't get blacklisted. I know some will pay a price. But now SMTP is fading - for many of us. For ISP's to comply, blacklist maintainers will have to be less strict; some of these lists are counterproductive. Servers with a high legit mail vs. spam ratio should not be blacklisted upon every minor incident, and it should be possible to quickly delist them after a major incident has been resolved. The SORBS maintainer plans to improve things [1]. In order to obtain a net positive effect, using too strict BL's should be avoided (Jonathan A. Zdziarsky's SBL seems great). Erik [1] http://www.merit.edu/mail.archives/nanog/2003-12/msg00300.html
Powered by blists - more mailing lists