Message-ID: <20040128182911.A88BA97B44@cpo.tn.tudelft.nl>
From: emvs.fd.3FB4D11C at cpo.tn.tudelft.nl (Erik van Straten)
Subject: Proposal: how to notify owners of compromised PC's

On Wed, 28 Jan 2004 17:19:08 +0100 Thomas Zangl wrote:
>Erik van Straten wrote:
>>If major sites like Google, MSN etc. would query rapid DSL and dialup
>>blacklists, they could visually inform the visitor that their PC is
>>listed (+ inform them what to do, direct them to online AV etc).
>
>Bad idea! Think about all those hosts listed in a RBL and the users can't
>do anything about it? Especially dialup/dsl users with dynamic IP's. So,
>I see a warning that my IP is blacklisted because of some idiot spamming
>around with my current IP hours ago?
>
>A working solution (practiced at the TU Graz / Austria) would be an open
>mail relay for every user in the ISPs address space and block all outgoing
>connections to port 25. The users will be forced to use the ISPs relay and
>can't send out virii/[apply your favorite filter rule here] etc...

Indeed. Dynamic IP's *should* be behind such a block (think outbound
AV, spamfilter and ratelimiting). Then *they* won't get blacklisted.
I know some will pay a price. But now SMTP is fading - for many of us.

For ISP's to comply, blacklist maintainers will have to be less strict;
some of these lists are counterproductive. Servers with a high legit
mail vs. spam ratio should not be blacklisted upon every minor incident,
and it should be possible to quickly delist them after a major incident
has been resolved. The SORBS maintainer plans to improve things [1]. In
order to obtain a net positive effect, using too strict BL's should be
avoided (Jonathan A. Zdziarsky's SBL seems great).

Erik

[1] http://www.merit.edu/mail.archives/nanog/2003-12/msg00300.html

