Open Source and information security mailing list archives
Message-ID: <20040129001521.5194797B44@cpo.tn.tudelft.nl>
From: emvs.fd.3FB4D11C at cpo.tn.tudelft.nl (Erik van Straten)
Subject: Proposal: how to notify owners of compromised PC's

On Wed, 28 Jan 2004 23:08:57 +0100 Thomas Zangl wrote:
> On Wed, 28 Jan 2004 21:27:33 +0100, "Remko Lodder" wrote:
> >I want the ability to host this stuff myself on my home ADSL
> >line.
> And this is the point. Most ISPs (here in Austria) don't allow their end
> users to have public servers open. SSH is tolerated but other services are not.
> Exceptions are offered against money (or in some cases beer :) ).

I don't care about ingress blocks. You can run any server you like. I just
don't want compromised grannie PC's to SEND spam/viruses directly to MTA's
anywhere in the world (Joe-jobbing us, we get the bounces and stuff).

The original problem mentioned was with dynamic IP's. Those should be
behind bars (egress 25/tcp blocked, don't care about ingress) to prevent
clean PC's from being accused of anything nasty.

Some "new friends" I made tonight are shown below (Austria as an example,
really getting loads from any country/ISP). Mostly spambots on DSL/cable
or dialups, (not sure if these are static/dynamic IP's) usually listed on
cbl.abuseat.org and/or Spamcop (Remko: the last cistron box to hit me was
195.64.90.156 on Jan 11, still in CBL; Thomas: zero hiway.at boxes so far
in 2004 :)

BCC to abuse <at> surfer.at. Probably their mbox is full with complaints
sent by people who received a virus From: someone <at> surfer.at, so this
BCC is probably going to /dev/null.

Which is why we need another way to inform PC owners of the misery they
cause - what this discussion is about. Comments on that, better ideas?

Erik

Received: from chello080109016118.9.14.vie.surfer.at (HELO dutndo7.tn.tudelft.nl)
  (80.109.16.118) by wb3.mail.utexas.edu with SMTP; 28 Jan 2004 18:53:50 -0000

Received: from glummert.de (chello080110229023.116.11.vie.surfer.at [80.110.229.23])
  by spitfire.law.miami.edu (Postfix) with SMTP id 0772C5C3B35
  for <majordomo@...ged>; Wed, 28 Jan 2004 14:00:30 -0500 (EST)

Received: from med.toho-u.ac.jp (chello062178080135.27.11.vie.surfer.at [62.178.80.135])
  by bsd.ver.megared.net.mx (8.11.7/8.11.7) with SMTP id i0SKBx351376
  for <munged>; Wed, 28 Jan 2004 14:11:59 -0600 (CST)

Received: from ka.nl (chello062178154224.8.14.vie.surfer.at [62.178.154.224])
  by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i0SKjgK11785
  for <munged>; Wed, 28 Jan 2004 22:45:47 +0200 (EET)

Received: from  drescher.pl (chello062178032068.11.11.vie.surfer.at [62.178.32.68])
  by rly-na01.mx.aol.com (v97.10) with ESMTP id MAILRELAYINNA15-f401832a0b3;
  Wed, 28 Jan 2004 17:07:41 -0500

Received: from thema-media.de (chello080110113024.510.15.vie.surfer.at [80.110.113.24])
  by SIRIUS.unicc.org (Switch-2.2.8/Switch-2.2.8) with SMTP id i0SMDa029491
  for <munged>; Wed, 28 Jan 2004 23:13:37 +0100

Received: from thea.gr (chello080110093038.507.15.vie.surfer.at [80.110.93.38])
  by mx18.singnet.com.sg (8.12.11/8.12.11) with ESMTP id i0SMeVTJ005750
  for <munged>; Thu, 29 Jan 2004 06:40:45 +0800

Received: from dune.de (chello080110229023.116.11.vie.surfer.at [80.110.229.23])
  by leia.infotel.it (8.10.2/8.10.2) with SMTP id i0SNOe103658;
  Thu, 29 Jan 2004 00:24:41 +0100

