[lug] linux firewall, popup windows spam blocking
stimits at attbi.com
Thu Jun 26 21:37:54 MDT 2003
Scott Herod wrote:
> On Mon, 23 Jun 2003, Bear Giles wrote:
> >We all see a huge difference between sending out something from a
> >spamming list and responding to an intrusion, but how do you
> >codify that into law? It's a lot harder than you might think, and
> >if it's not done right the solution may be worst than the problem.
> I saw one proposal that would be someone difficult to implement since it
> would require infrastructure improvements but which would not require any
> legislation. Furthermore, it would address exactly the point that Dan
> brought up. Have everyone only accept email from unknown sources if
> is a micro-payment attached.
There is no email involved here. Nor is web browsing involved. They are
using the same service that an UPS would use to notify that power has
been lost. In this case, Level 3 Communications IP address of
188.8.131.52 is breaking in on port 1026, UDP, and directly invading
the system. In many cases this is causing a video mode switch from the
app that is running, and crashes the system, resulting in loss of data.
No email or web browsing is done from this machine, they are simply
doing the equivalent of port scanning and abuse of a MS feature/flaw.
> If you want to send me email, attach 1/100'th of a cent. I'll gladly pay
> you the same to accept email that I send. I'd probably go years before
> even paying a penny, but then I don't send out 100,000 emails at a time.
I am very much against this infrastructure, as they will end up using
Microsoft proprietary tech and removing all use of machines not subject
to MS virus and worms.
> If my ISP collected from all of the email that I get and applied it
> towards my bill, they would probably owe me money.
They can still identify (with a lot of effort) many of the spammers that
forge headers, without some bogus MS identity technology. The whole .NET
proof of identity thing is a farce, as they would destroy part of what
has to be protected, and force people to use the most vulnerable o/s
there is. In this particular case, 184.108.40.206 is directly attacking
machines via port 1026 (UDP), and it has nothing to do with email.
D. Stimits, stimits AT attbi DOT com
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
More information about the LUG