Open Source and information security mailing list archives
 
Message-ID: <FLEKIFICBHEGCHAICFAJGENNCOAA.fulldisclosure@mnbn.net>
From: fulldisclosure at mnbn.net (Matthew C. Beckman)
Subject: Backdoor not recognized by Kaspersky

> One ISP here in Israel has tried to do something about this.
> They block all TCP traffic on port 25 (bi di) except for their own mail
> servers IP

This is happening in the United States as well.  Late last
month, Charter Communications (*.charter.net), a cable
provider, began blocking outbound TCP port 25 (inbound is
blocked as well, but that may have been done earlier).
Notice wasn't given, or at least it didn't reach any
customers I talked to.  All outgoing mail from within their
network must now go through their own SMTP server.

This isn't optimal since their mail is queued and has a 5
meg limit on file attachments.  However, simply forwarding
TCP port 26 to 25 on the remote servers will take care of
that.  Charter uses IP-authentication and doesn't
restrict/examine the headers that are sent, so you aren't
restricted too much.  It can be quite a pain for those that
check their email with a laptop from multiple locations.  At
home they can only send via Charter's SMTP server; however,
from outside the network, you have no access.  This causes
quite a mess.

This does, however, allow Charter to raise a flag if
mass-mailings are being sent out, due to a spammer or worm,
and can block it from going out.

- Matthew C. Beckman

