| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: emvs.fd.3FB4D11C at cpo.tn.tudelft.nl (Erik van Straten) Subject: Proposal: how to notify owners of compromised PC's On Wed, 28 Jan 2004 23:08:57 +0100 Thomas Zangl wrote: > Am Wed, 28 Jan 2004 21:27:33 +0100, schrieb "Remko Lodder": > >i want the ability host these stuff myself on my home ADSL > >line. > And this is the point. Most ISP (here in Austria) doesn't allow its end > users to have public servers open. SSH is tolerated but other services not. > Exceptions are offered against money (or in same cases beer :) ). I don't care about ingress blocks. You can run any server you like. Just don't want compromised grannie PC's to SEND spam/viruses directly to MTA's anywhere in the world (Joe-jobbing us, we get the bounces and stuff). The original problem mentioned was with dynamic IP's. Those should be behind bars (egress 25/tcp blocked, don't care about ingress) to prevent clean PC's from being accused of anyting nasty. Some "new friends" I made tonight are shown below (Austria as an example, really getting loads from any country/ISP). Mostly spambots on DSL/cable or dialups, (not sure if these are static/dynamic IP's) usually listed on cbl.abuseat.org and/or Spamcop (Remko: the last cistron box to hit me was 195.64.90.156 on Jan 11, still in CBL; Thomas: zero hiway.at boxes so far in 2004 :) BCC to abuse <at> surfer.at. Probably their mbox is full with complaints sent by people who received a virus From: someone <at> surfer.at so this BCC is probably going /dev/null. Which is why we need another way to inform PC owners of the misery they cause - what this discussion is about. Comments on that, better ideas? Erik Received: from chello080109016118.9.14.vie.surfer.at (HELO dutndo7.tn.tudelft.nl) (80.109.16.118) by wb3.mail.utexas.edu with SMTP; 28 Jan 2004 18:53:50 -0000 Received: from glummert.de (chello080110229023.116.11.vie.surfer.at [80.110.229.23]) by spitfire.law.miami.edu (Postfix) with SMTP id 0772C5C3B35 for <majordomo@...ged>; Wed, 28 Jan 2004 14:00:30 -0500 (EST) Received: from med.toho-u.ac.jp (chello062178080135.27.11.vie.surfer.at [62.178.80.135]) by bsd.ver.megared.net.mx (8.11.7/8.11.7) with SMTP id i0SKBx351376 for <munged>; Wed, 28 Jan 2004 14:11:59 -0600 (CST) Received: from ka.nl (chello062178154224.8.14.vie.surfer.at [62.178.154.224]) by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i0SKjgK11785 for <munged>; Wed, 28 Jan 2004 22:45:47 +0200 (EET) Received: from drescher.pl (chello062178032068.11.11.vie.surfer.at [62.178.32.68]) by rly-na01.mx.aol.com (v97.10) with ESMTP id MAILRELAYINNA15-f401832a0b3; Wed, 28 Jan 2004 17:07:41 -0500 Received: from thema-media.de (chello080110113024.510.15.vie.surfer.at [80.110.113.24]) by SIRIUS.unicc.org (Switch-2.2.8/Switch-2.2.8) with SMTP id i0SMDa029491 for <munged>; Wed, 28 Jan 2004 23:13:37 +0100 Received: from thea.gr (chello080110093038.507.15.vie.surfer.at [80.110.93.38]) by mx18.singnet.com.sg (8.12.11/8.12.11) with ESMTP id i0SMeVTJ005750 for <munged>; Thu, 29 Jan 2004 06:40:45 +0800 Received: from dune.de (chello080110229023.116.11.vie.surfer.at [80.110.229.23]) by leia.infotel.it (8.10.2/8.10.2) with SMTP id i0SNOe103658; Thu, 29 Jan 2004 00:24:41 +0100
Powered by blists - more mailing lists