Full Disclosure mailing list archives
Re: Proposal: how to notify owners of compromised PC's
From: Åke Nordin <rootmoose () telia com>
Date: Fri, 30 Jan 2004 01:41:02 +0100
Hi there, I'm new here. <bait/> ;^)

This thread should probably die soon, but...

At 02:31 2004-01-29 -0600, Phil Brutsche wrote:
> petard wrote:
> . . .
>> At any rate, blocking port 25 is a half-assed solution to a problem that needs to be solved at the MUA, not the MTA or MSA.
>
> Someone's irresponsible use of their MUA is not the only problem. Blocking outbound TCP port 25 stops a virus/worm and spam problem that's caused by more than just crap like the Mydoom variants. It may be "half-assed" but it's easier and more effective than getting you-know-who to fix their sorry excuses for mail clients and/or getting end users to not be such morons.

Yes, as a quick and dirty solution it is indeed effective. And the sad, misled, blackhat-toting types win another victory: the Net abandons yet another set of RFC requirements.

ISPs strangling outbound SMTP makes me think of the Redmond way of "fixing" problems. This may be an entirely appropriate analogy since the root cause is the inbreeding that plagues the Net, where the vast majority of systems have the same exploitable bugs.

The ability to make a direct connection from the sending MUA to the MX of the receiver is a critically important feature for at least two reasons that have not been mentioned in this thread:

- Sensitive information you don't want lying around in a third party mail spool (if I was opposing the dictatorship, I would certainly not want them to trawl for my mails at a convenient central mail hub).
- Nomadic users may in certain situations not even know which is their upstream provider's accepted mail relay. Relentlessly reconfiguring your MUA's SMTP using wild guesses of working mail relay names is not my kind of fun, and I don't think I'm alone using CygWin on my "Corporate Standards Compliant" notebook just to run a reasonably respectable and dependable MTA for my mail routing.

It is noteworthy that telia.com loudly announced that they would block outgoing SMTP, but rather quietly ceased doing so. The period of SMTP block must have been very brief, since I can't recall it ever affecting me, and at the time telia.com was my sole access. They do however scan mails that pass their servers, replacing positives with notifiers and a copy of the headers of the deleted mail and instructions on how to circumvent the scanning should the positive be a false one.

Cheers,
--
. /Ake Nordin +46704-660199 rootmoose () telia com
Duston Sickler: "There are only 10 types of people in the world, those who understand binary and those who don't."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html