Full Disclosure mailing list archives
Re:Proposal: how to notify owners of compromised PC's
From: "Erik van Straten" <emvs.fd.3FB4D11C () cpo tn tudelft nl>
Date: Thu, 29 Jan 2004 01:15:20 +0100
On Wed, 28 Jan 2004 23:08:57 +0100 Thomas Zangl wrote:
> On Wed, 28 Jan 2004 21:27:33 +0100, "Remko Lodder" wrote:
> > I want the ability to host this stuff myself on my home ADSL line.
>
> And this is the point. Most ISPs (here in Austria) don't allow their end
> users to have public servers open. SSH is tolerated but other services are
> not. Exceptions are offered against money (or in some cases beer :) ).
I don't care about ingress blocks. You can run any server you like. Just don't want compromised grannie PC's to SEND spam/viruses directly to MTA's anywhere in the world (Joe-jobbing us, we get the bounces and stuff).

The original problem mentioned was with dynamic IP's. Those should be behind bars (egress 25/tcp blocked, don't care about ingress) to prevent clean PC's from being accused of anything nasty.

Some "new friends" I made tonight are shown below (Austria as an example, really getting loads from any country/ISP). Mostly spambots on DSL/cable or dialups (not sure if these are static/dynamic IP's), usually listed on cbl.abuseat.org and/or Spamcop (Remko: the last cistron box to hit me was 195.64.90.156 on Jan 11, still in CBL; Thomas: zero hiway.at boxes so far in 2004 :)

BCC to abuse <at> surfer.at. Probably their mbox is full with complaints sent by people who received a virus From: someone <at> surfer.at so this BCC is probably going to /dev/null. Which is why we need another way to inform PC owners of the misery they cause - what this discussion is about.

Comments on that, better ideas?
Erik

Received: from chello080109016118.9.14.vie.surfer.at (HELO dutndo7.tn.tudelft.nl) (80.109.16.118)
    by wb3.mail.utexas.edu with SMTP; 28 Jan 2004 18:53:50 -0000
Received: from glummert.de (chello080110229023.116.11.vie.surfer.at [80.110.229.23])
    by spitfire.law.miami.edu (Postfix) with SMTP id 0772C5C3B35
    for <majordomo@munged>; Wed, 28 Jan 2004 14:00:30 -0500 (EST)
Received: from med.toho-u.ac.jp (chello062178080135.27.11.vie.surfer.at [62.178.80.135])
    by bsd.ver.megared.net.mx (8.11.7/8.11.7) with SMTP id i0SKBx351376
    for <munged>; Wed, 28 Jan 2004 14:11:59 -0600 (CST)
Received: from ka.nl (chello062178154224.8.14.vie.surfer.at [62.178.154.224])
    by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i0SKjgK11785
    for <munged>; Wed, 28 Jan 2004 22:45:47 +0200 (EET)
Received: from drescher.pl (chello062178032068.11.11.vie.surfer.at [62.178.32.68])
    by rly-na01.mx.aol.com (v97.10) with ESMTP id MAILRELAYINNA15-f401832a0b3;
    Wed, 28 Jan 2004 17:07:41 -0500
Received: from thema-media.de (chello080110113024.510.15.vie.surfer.at [80.110.113.24])
    by SIRIUS.unicc.org (Switch-2.2.8/Switch-2.2.8) with SMTP id i0SMDa029491
    for <munged>; Wed, 28 Jan 2004 23:13:37 +0100
Received: from thea.gr (chello080110093038.507.15.vie.surfer.at [80.110.93.38])
    by mx18.singnet.com.sg (8.12.11/8.12.11) with ESMTP id i0SMeVTJ005750
    for <munged>; Thu, 29 Jan 2004 06:40:45 +0800
Received: from dune.de (chello080110229023.116.11.vie.surfer.at [80.110.229.23])
    by leia.infotel.it (8.10.2/8.10.2) with SMTP id i0SNOe103658;
    Thu, 29 Jan 2004 00:24:41 +0100

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
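
An added example, not part of the original post: a small parser for `Received:` lines in the two layouts seen in the message above. It extracts the connecting client's IP, compares the HELO name with the reverse-DNS name, groups hits per IP and builds the lookup name for the cbl.abuseat.org zone the post mentions. All function names are hypothetical, the three sample headers are copied from the message, and no DNS query is sent.

```python
import re

# Three Received: lines copied from the message above (two MTA layouts).
HEADERS = [
    "from chello080109016118.9.14.vie.surfer.at (HELO dutndo7.tn.tudelft.nl) "
    "(80.109.16.118) by wb3.mail.utexas.edu with SMTP; 28 Jan 2004 18:53:50 -0000",
    "from glummert.de (chello080110229023.116.11.vie.surfer.at [80.110.229.23]) "
    "by spitfire.law.miami.edu (Postfix) with SMTP id 0772C5C3B35",
    "from dune.de (chello080110229023.116.11.vie.surfer.at [80.110.229.23]) "
    "by leia.infotel.it (8.10.2/8.10.2) with SMTP id i0SNOe103658",
]

# Layout 1: from <rdns> (HELO <helo>) (<ip>)
QMAIL = re.compile(r"from (?P<rdns>[^\s()]+) \(HELO (?P<helo>[^\s()]+)\) \((?P<ip>[\d.]+)\)")
# Layout 2: from <helo> (<rdns> [<ip>])
SENDMAIL = re.compile(r"from (?P<helo>[^\s()]+) \((?P<rdns>[^\s()]+) \[(?P<ip>[\d.]+)\]\)")

def parse_received(header):
    """Return helo/rdns/ip of the connecting client, or None if unparsed."""
    m = QMAIL.search(header) or SENDMAIL.search(header)
    return m.groupdict() if m else None

def helo_mismatch(rec):
    """True when the HELO name differs from the rDNS name (weak signal alone)."""
    return rec["helo"].lower().rstrip(".") != rec["rdns"].lower().rstrip(".")

def dnsbl_name(ip, zone="cbl.abuseat.org"):
    """Build the DNSBL lookup name: reversed IPv4 octets, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def summarize(headers):
    """Group parsed headers by client IP: hit count, mismatched HELOs, lookup name."""
    out = {}
    for h in headers:
        rec = parse_received(h)
        if rec is None:
            continue  # unknown layout: skip instead of guessing
        entry = out.setdefault(rec["ip"], {"hits": 0, "helos": set(),
                                           "dnsbl": dnsbl_name(rec["ip"])})
        entry["hits"] += 1
        if helo_mismatch(rec):
            entry["helos"].add(rec["helo"])
    return out

if __name__ == "__main__":
    for ip, e in summarize(HEADERS).items():
        print(ip, e["hits"], sorted(e["helos"]), e["dnsbl"])
```

Only the `Received:` line written by your own MTA is trustworthy; lines further down the chain can be forged by the sender.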