Open Source and information security mailing list archives
Message-ID: <20040304182724.4282639FC@mprdmxin.myway.com>
From: orangganjil at myway.com (orangganjil)
Subject: Backdoor not recognized by Kaspersky

One thing that I have not seen discussed in this thread is tarpitting spammers. This has been discussed before on BugTraq: 
http://www.securityfocus.com/archive/119/292053/2004-03-01/2004-03-07/1

In addition, there is a neat tool for doing this in conjunction with an MTA, called Spam Cannibal:
http://www.spamcannibal.org

I run a spam tarpit using an e-mail address that should never receive legitimate communications. The MX record for that e-mail address points to a tarpitted IP with 25/TCP open. When remote mail servers (or zombied DSL/Cable users) connect to that tarpit their connection is held and their IP is logged. I have a Perl script that parses the logs and e-mails me a diff of the top 50 offenders. Those folks end up being blocked by my firewall from accessing SMTP on my mail server. If they are a home user, they can still access my web pages, etc. This goes a long way to decreasing the spam I receive, and in addition, my tarpit holds or slows their connection - making it less likely they will move on to the next spam recipient.

Tests have been done verifying that, in most cases, spam software freezes, hangs, or crashes when tarpitted - forcing manual intervention. There are potential ways around this without breaking TCP (if you ignore window size changes you are breaking TCP), but all of the work-arounds require manual intervention or slow down the rate of spam and consume bandwidth. All of these, even if the software doesn't crash or hang, increase the cost of spamming. Making spam unprofitable is the only way to combat it, IMHO.

Thanks.
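
The log-to-blocklist step described in the message, as an added example that is not part of the original post (the author's Perl script is not shown on the page). The log line format, the sample addresses and the function names are assumptions, and "diff" is read here as the top offenders that are not yet blocked.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log; the line format is an assumption, not the author's.
SAMPLE_LOG = """\
2004-03-04T18:01:12 tarpit: held src=192.0.2.10 dport=25
2004-03-04T18:01:40 tarpit: held src=198.51.100.7 dport=25
2004-03-04T18:02:03 tarpit: held src=192.0.2.10 dport=25
2004-03-04T18:02:59 tarpit: held src=203.0.113.99 dport=25
2004-03-04T18:03:30 tarpit: held src=192.0.2.10 dport=25
2004-03-04T18:04:11 tarpit: held src=198.51.100.7 dport=25
2004-03-04T18:04:12 tarpit: held src=999.1.1.1;reboot dport=25
"""

LINE_RE = re.compile(r"tarpit: held src=(\S+) dport=25\b")


def top_offenders(log_text, limit=50):
    """Return [(ip, hits)] for the most frequent tarpitted sources."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            # Log content is untrusted: only a valid IPv4 address may
            # ever be passed on to the firewall rule builder.
            ip = str(ipaddress.IPv4Address(m.group(1)))
        except ValueError:
            continue
        hits[ip] += 1
    # Sort by hit count descending, then address, for stable output.
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


def new_offenders(current, already_blocked):
    """The 'diff': sources in the current top list that are not yet blocked."""
    return [ip for ip, _ in current if ip not in already_blocked]


def block_rules(ips):
    """iptables rules dropping SMTP only, so web and other services stay reachable."""
    return [f"iptables -A INPUT -s {ip} -p tcp --dport 25 -j DROP" for ip in ips]


if __name__ == "__main__":
    top = top_offenders(SAMPLE_LOG)
    for rule in block_rules(new_offenders(top, {"198.51.100.7"})):
        print(rule)
```

The malformed `src=` value in the last sample line is dropped by the address check rather than reaching the generated rule.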


