Full Disclosure mailing list archives

Re: Proposal: how to notify owners of compromised PC's


From: petard <petard () freeshell org>
Date: Thu, 29 Jan 2004 04:36:25 +0000

On Wed, Jan 28, 2004 at 09:20:24PM +0100, Thomas Zangl - Mobil wrote:
> As I said before, the ISP _HAS_ to provide an alternative mail relay, open
> for every FROM address the user wishes to use. (If it's legal or not that's
> another point). If you really need access to YOUR smtp server, it should
> be possible to configure your MTA to listen to an alternative port than
> 25 too. I use this kind of setup for myself as I'm "smtp firewalled" the
> way I've described above.

You don't understand. My organization (example.com) has its MTAs
configured such that we ONLY accept mail claiming to be FROM example.com
if it is relayed by MSAs which ONLY accept mail from our users, who can
only connect to those using TLS connections which are authenticated
using X.509 certificates. I cannot send mail to someone at example.com
from my example.com address using any other party's server. 
It was not *difficult* to configure the various MSAs to listen on 
alternate ports as well, nor to open the firewalls such that the clients 
could connect there. But it had to clear a change control process which 
has some lead time to it.

And I had to waste my time and my admin's time working around my ISP.

> The benefit (in my opinion) would be greater, in my environment, than the
> loss of freedom individual users will suffer. In case of static IP's ISPs might
> be able to offer exceptions.

Unless we fix the clients, the benefit will not be there long term. You
*might* see spam confined to spam-friendly ISPs and therefore more
easily filtered, but you will not see less malware. There are too many
other vectors, and ISPs may not legally be able to virus-check every 
message they transmit. (They'd certainly *risk* their common carrier 
status by performing this filtering.) We'll just have malware going 
through ISP servers, proxies, kazaa, etc.  as so much of it already does.

regards,
petard

-- 
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

