Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

"Leythos" wrote in message news:wsC2f.31126$ snipped-for-privacy@tornado.ohiordc.rr.com...

> In article , snipped-for-privacy@nym.alias.net says...
> > Also, as far as anything going on in Europe, particularly the 29th March solar eclipse in Africa goes, a lot of cell phones in Europe now have high-speed internet access built-in. Someone who REALLY wanted to sneak on from work could unplug from the company LAN, and plug their office PC into their cell phone, and sign on that way.
>
> If the user doesn't have local administrator access then they won't be able to change the Proxy settings and won't be able to use the Cell Phone method - and once again, a properly setup network won't allow your crap to be accessed.

However, local administrator access inside the PC can be hacked. There are hacking tools out there that will let you get local administrator access to the PC, without compromising the company network. You just disconnect from the network, before hacking your way into local administrator access. There are enough security holes in Windows that any NT, XP, 2000, 2003, or Vista box could be hacked to allow you local administrator access without compromising the network or leaving any telltale entries in the logs. As long as you are not connected to the network when you break into local administrator access on the PC, they will never know; a standalone XP machine does not keep any logs, so there is no POSSIBLE way for them to know you have broken into administrator access on the local machine, as long as you are not plugged into the network when you do it. And before anyone says "keylogger", there are programs that can hunt down and destroy any keylogging software installed on your PC, and once you have hacked into administrator access on the local PC, you can run one of these programs and destroy the keylogging software.

You are talking about stuff that is our BREAD AND BUTTER. And we stand to make even more money from subscription video for various sporting events worldwide. Unfortunately, we will not be able to do Olympics until AT LEAST 2012, because the American NBC network stubbornly refuses to carry the Olympics in the USA, if any Internet outlet is allowed to carry audio or video over the internet of the event. NBC basically has the IOC over a barrel over this one until the current contract expires after the 2010 Olympics. We will, however, still provide IRC-based live commentary from the Games. That is still allowed. Certain figure skating rivalries are also generating interest in IRC-based coverage, and video coverage (if we should be allowed to do it).

The next rivalry matchup expected to bring interest will be between Michelle Kwan and Irina Slutskaya, at a competition in Korea in November. The schedule for the ladies short, as of right now, puts the ladies short at 7:30PM Korea time on Thursday, 3 November, that will make it during the working hours in Russia. There is a lot of interest from users in Irina's native Russia. It will be the DAY FROM HELL for Russian IT admins, if we get to transmit live video from Pyongyang. For that, we have to clear it with the Political Security Bureau (North Korea's national police agency), and we are in negotiations now to be able to transmit video from Pyongyang. Russian IT admins will be going NUTS trying to stop our service, and not making any headway.

I will not say WHICH one, but there is one skater in Russia, who works in Novosibirsk, when not competing or practicing. I have chatted with her, and she bounces off open relays all over the world, so she can sneak on to the IRC chat room we use for covering events, without her employer in Novosibirsk knowing about it. Her Russian employers know that she is going to strange addresses on several cable modem/DSL providers around the globe. She is always coming in on addresses on Ct-Inets in China, Comcast and Qwest in the USA, and Rogers in Canada. Do these aforementioned companies even CARE about people running open proxies on their networks? There are sure a lot of open proxies on these networks. Anyway, since the logs only show that she went to cable/DSL modems on these networks, they are clueless of what she is up to.
Owl Jolsen

You keep believing that a good network administrator doesn't know about these things, that a good network administrator is going to let it happen, that you have something we don't already know about, and it will be funny to see you get sued by employees all over the world that get fired for violating company policy for utilizing your services (if they can actually access them).

Leythos

Even postal money orders are traceable now, since 9/11. As far as I know, you have to show ID to get a postal money order of any kind. Since the anthrax attacks, 9/11, and the Unabomber before that, security is taken much more seriously in the postal service. Other than sending normal first class mail, you have to show ID for just about anything else now.

Charles Newman

What the guy does not seem to understand is that while he might get past your hardware appliances, my software based setup would be more successful at stopping it. That is because his service would probably need a Socks proxy, and I have Tiny, on my network gateway machine, configured to only allow the Socks proxy outgoing access on port 37, for PrecisionTime, and port 43, for Sam Spade. Because of the security hole that is created with CyBlock, Tiny is configured to restrict outgoing access to ports 80 and 443, and only accept inbound connections from the LAN.

I just configured NewsProxy to intercept any posts from nym.alias.net and not forward them to my newsreader. NewsProxy acts as a network-level killfile and content filter for Usenet. If you are going to allow Usenet on your network, you NEED this program. NewsProxy is the only program of its kind that can killfile on the network level. This is necessary because Outlook Express does not have killfile capabilities, so it is necessary for me to filter at the network level using NewsProxy.

Charles Newman

Trolls can imagine whatever they want.

Notice how the troll has yet to provide (at least as far as I can see - the anonymous posting services are killfiled here, as only trolls seem to use them) a hint to a place to sign up for his "services". I can't imagine anyone falling for the "send unmarked ten and twenty dollar bills to a private mailbox at some Mail Boxes Etc." (well, I can - but not that many). Checks are traceable, and credit cards are even less viable. What does that leave - postal money orders?

See above

Old guy

Moe Trin

What utter BS. It's easily blocked by any quality firewall appliance and any competent network admin.

Leythos

Charles - you keep making that statement, and yet you can never supply data on tests you've made to back it up. Given your proven lack of technical knowledge - you demonstrate it perfectly below - do you wonder why people are laughing at your mis-information? Every time you get cornered, you come back and report that your bean counter instructor never taught you anything about hardware as if that excused your lack of knowledge. What works on your toy network of what, four computers total - it's not going to scale very well, and I suspect you'd be overwhelmed having a dozen systems to support, never mind a couple of thousand.

And we're supposed to be impressed with this exactly how? I mean, 'nym.alias.net' is only one of a number of anonymous posting points, and has been in my news server kill file for over six years. What? You didn't realize news servers can run killfiles??? Maybe you ought to find the documentation for a program called 'B News' (actually 'bnews') - it's only from roughly 1984 - only a few years before microsoft invented networking. Wonder what USENET was running on back in 1980? The answer is 'A News', of course. (Yes, we know you didn't know about computers in 1984 - never mind 1980.) A and B News are decidedly obsolete, having been replaced over the years with C and D News, and then INN (back in 1993). I'd suggest you read RFC1036 - except that it has more than 800 words that are nine characters or longer.

So, how does this little toy handle a base Big 8 news feed? The monthly list of valid Big 8 groups (which includes comp.*, humanities.*, misc.*, news.*, rec.*, sci.*, soc.*, and talk.*) only comes to 2362 groups and is only several hundred Megs a day - but if you decide to add the 'alt.*' hierarchy, the feed could be a "bit bigger". Last I looked at the news server at work, they had close to 92,000 groups. Can your toy handle that? How many news peers can it handle at once?

Did your bean counter instructor teach you news servers too? I rather doubt it, because microsoft doesn't supply a news server. Last time I checked, 'msnews.microsoft.com' was running on FreeBSD. And I'll bet you don't know how to determine what O/S a remote server is running. Most skript kiddiez do. Rather than you trying to tell us what we need to do, you NEED to learn the fundamentals of networking protocols. Awww, you didn't know there are standards for such things as Usenet?

Wow, I'd suggest you tell the author of the Killfile FAQ that he's wrong. It's in section 8.9 by the way. Is this yet another example of your "computer skills"?

Well, if you haven't been able to learn to use a real news client, I suppose you need all the help you can get using toys.

Old guy

Moe Trin

It sits between the news server, and the network, and simply drops any articles that match criteria held in the nfilter.dat file. If there is a hit, it is dropped, and your newsreader program does not receive it. If you have 92,000 groups available on your news server, then you need to be able to filter out what groups you don't want your people looking at, and NewsProxy is the answer for that. You can configure it where content from entire groups is dropped. It even keeps a log of what kind of content was dropped. All you need is a server on your network running Windows 95 or later, and you can run NewsProxy.

For example, this line:

alt.sex.* drop from:*

tells NewsProxy to drop every article coming in from the alt.sex hierarchy. There are probably a lot more groups you might not want people to read, and NewsProxy can control access to those groups. They would see the group in their newsreader, but they would never see any articles, because NewsProxy would be dropping them. If you really do have that many newsgroups, you should really take a look at what is there, and then put NewsProxy on your network, to filter out content you don't want people on your LAN to read.

Charles Newman

I applaud your efforts here - not because they are frequently in reply to Charles (who is clearly impervious), but because they invariably seek to counter disinformation with common sense. Please keep pissing against the wind.

Triffid

Triffid

Charles, tell me - you are using a toy browser to read the news from the Comcast news server. When you start your toy browser, does it show you all 80-100 thousand news groups available from the server every time you start it - or have you figured out how to make it only show you the ones you have subscribed to? I know these 'concept' things are hard to get your mind around - but honestly setting up a news server is quite similar - you make a list of those groups that you want to carry (and one presumes that are available from the peers), and how long you want articles within those individual groups to remain on your server.

Oh, so you think that win95 can handle the spool. You keep forgetting that we don't have any windoze boxes here, and see no need for any. On our server, we're now using ATA-over-Ethernet to get the drives out of server box. It's a 3U sized unit with only 2 TB of diskspace right now (capacity is 4 TB), but for some reason, there are no drivers for any microsoft O/S. Yet another example of microsoft being behind the times? The protocol allows 16 Petabyte disk farms - ask your sales monkey how big that is. We installed a couple of the small 20 TB drives for our document servers - they're kinda neat.

Why did you put the 'alt.sex.*' hierarchy on your server in the first place? Could it be because you don't know anything about how the servers work, and are making some rather wild guesses? 'inn-2.4.2' isn't that big - about 2 megabyte, and more than half of that is documentation - you ought to look for it. In the mean time, a little clue for you - and this also pertains to firewall configurations. You don't set crap up to block things like 'alt.sex' or 200.0.0.0/6. You _ALLOW_ what you want, and by not allowing what you don't want, the rest does not exist. Wow - what a concept.

But if the server doesn't carry the group - they won't see the group in their news reader. Why don't you sit down over a cup of coffee and think about _that_ concept. Didn't have to buy all that extra crap that the sales monkeys at CompUSA claim you couldn't live without - don't have to waste CPU cycles, power, space, air conditioning... Amazing. Think what you could do with the money you'd save.

[compton ~]$ wc -l .newsrc
104963 .newsrc
[compton ~]$

Just like cable/satellite TV - hundreds of channels, nothing interesting.

I'm sure you were trying to say something intelligent there. Perhaps if you actually learned how the Internet works instead of believing all the advertising literature, you could save a bunch of money wasted on your toy server setups. Also remember, what works on your four computer one user setup isn't likely to work as well with a dozen users - never mind several thousand.

Old guy

Moe Trin
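
The allow-versus-block distinction argued in the post above, shown as an added example (not code from any poster, and not the behaviour of NewsProxy or INN): a deny-list filter and a default-deny carried-groups list are run over the same constructed articles. The rule lines copy the `group drop from:pattern` form quoted in this thread; reading them as shell-style globs, and every article, sender and group name below, are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Rule text modelled on the "<group-glob> drop from:<sender-glob>" lines quoted
# in the thread, including one line with the "form:" typo. Treating the patterns
# as shell-style globs is an assumption of this sketch.
RULE_TEXT = """\
alt.sex.* drop from:*
alt.binaries.* drop from:*
alt.2600.* drop from:*
alt.2600 drop from:*
* drop from:*@nym.alias.net*
* drop form:*@.xg.nu*
"""

# Constructed sample data: the groups a default-deny server chooses to carry,
# and a few article headers arriving from upstream.
CARRIED = {"comp.security.firewalls", "news.admin.net-abuse.sightings"}
ARTICLES = [
    {"id": "a1", "from": "user@example.org", "groups": ["comp.security.firewalls"]},
    {"id": "a2", "from": "user@example.org", "groups": ["alt.sex.example"]},
    # Cross-post: one wanted group and one unwanted group.
    {"id": "a3", "from": "user@example.org",
     "groups": ["comp.security.firewalls", "alt.binaries.example"]},
    # A group nobody thought to add to the deny list.
    {"id": "a4", "from": "user@example.org", "groups": ["alt.example.unlisted"]},
    {"id": "a5", "from": "anon@nym.alias.net", "groups": ["comp.security.firewalls"]},
]


def parse_rules(text):
    """Return (rules, rejected); rules are (group_glob, sender_glob) pairs."""
    rules, rejected = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] == "drop" and parts[2].startswith("from:"):
            rules.append((parts[0], parts[2][len("from:"):]))
        elif line.strip():
            rejected.append(line)  # malformed rule: report it, never guess
    return rules, rejected


def deny_list_delivers(article, rules):
    """Deny-list filter: deliver unless a rule matches sender and any group."""
    for group_glob, sender_glob in rules:
        if fnmatchcase(article["from"], sender_glob) and any(
                fnmatchcase(g, group_glob) for g in article["groups"]):
            return False
    return True


def allow_list_delivers(article, carried):
    """Default-deny server: accept only articles posted to a carried group."""
    return any(g in carried for g in article["groups"])


def lookup_group(name, carried):
    """What a reader gets when asking a default-deny server for a group."""
    return "ok" if name in carried else "no such group"


def compare():
    rules, rejected = parse_rules(RULE_TEXT)
    deny = [a["id"] for a in ARTICLES if deny_list_delivers(a, rules)]
    allow = [a["id"] for a in ARTICLES if allow_list_delivers(a, CARRIED)]
    return deny, allow, rejected


if __name__ == "__main__":
    deny, allow, rejected = compare()
    print("deny-list filter delivers:", deny)
    print("allow-list server carries:", allow)
    print("rejected rule lines:", rejected)
```

The deny list passes the unlisted group (a4) because nothing names it, and the mistyped rule protects nothing until someone notices it was rejected. The carried-groups list blocks a4 by default but does no sender filtering, so a5 still arrives: the two controls answer different questions.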

Outlook Express is the number one news browser in the world, because Windows runs around 90 percent of the computers in the world.

Because all the incoming news comes from Comcast's servers. NewsProxy just intercepts and drops what I don't want on the network, coming in from Comcast's Usenet servers. It's a Giganews service that comes with Comcast. My proxy program simply filters out what I don't want on the network. Comcast handles the Usenet traffic, and NewsProxy filters out what I don't want on the network. Also, there could be items cross-posted between alt.sex.*, or any group you don't want, and another group in your server. With NewsProxy, it can scan for such x-posted articles and intercept them.

My network gateway machine has:

NewsProxy - Network level killfile and content filter for Usenet.
SpamBam - Network level spam filter
WebWasher - HTTP filtering proxy server
AllegroSurf - DHCP server and Socks Proxy
Tiny Personal Firewall - network firewall security
Avast Anti-virus - An anti-virus software that runs at the network level and scans all incoming traffic for viruses, trojans, etc, in real time.

You should really consider a Windows box, and putting CyBlock, SurfControl, WebSense, Bess, or some other network-level Web filter. Just select the categories you want to block, and you are done. The updated filtering lists can be downloaded daily, if you wish. These programs only run on Windows-based systems, however, but they are worth having a Windows box on your network.

That means you must have every group, including alt.sex, and other pornographic newsgroups, if you have that many groups. Better get NewsProxy on your network ASAP to start controlling what your users read. With that many groups, you really may not be aware of what you have, and could be setting yourselves up for some serious criminal and civil liability. With NewsProxy, and this setup in the nfilter.dat file

alt.sex.* drop from:*
soc.sexuality.* drop from:*
alt.binaries.* drop from:*
alt.mp3.* drop from:*
alt.music.mp3.* drop from:*
alt.2600.* drop from:*
alt.2600 drop from:*
alt.fan.tonya* drop from:*
alt.beer* drop from:*
alt.drinks.* drop from:*
alt.mmmmm.* drop from:*
alt.politics.radical.right drop from:*
alt.crackz.* drop from:*
alt.religion.* drop from:*
talk.religion.* drop from:*
alt.fan.britney* drop from:*
alt.fan.prince drop from:*
alt.music.prince* drop from:*
alt.music.eminem drop from:*
alt.rap.* drop from:*
alt.politics.* drop from:*
12hr.sex.* drop from:*
alt.cartoonsex* drop from:*
* drop from:*@nym.alias.net*
* drop from:*@blackhole.riot.eu.org*
* drop form:*@.xg.nu*
* drop from:*@dizum.com*
* drop from:*@mixmaster.it*

You would get rid of potential liability by using NewsProxy, and filtering material using the options mentioned above.

Well, CyBlock and WebWasher are designed to work with a lot of users. CyBlock advertises having some large companies, some with up to 100 thousand users on their networks, using their product. WebWasher, CyBlock, Bess, Sentian, and WebSense can all handle very large networks like that. The government of Saudi Arabia is using Bess to filter out what they don't want into their country, and that is probably around several million users, so what you would call "toys", are used on very large levels around the world.

Charles Newman

Uhuh, and you still haven't learned how to use it. Actually, if you look at the newsgroups stats programs, you'd discover it's not only not the most popular news reader, but it also seems to be losing ground as the most common browser. But that means you'd have to do research on your own, and you'd rather believe advertisements.

Read it again Charles - Why did you put it on _your_ server. Not your client - your SERVER. Or haven't you figured that there might be a difference between your toy setup and what the rest of the world uses? I'm talking about us having control over our server - and you don't seem to know what a server is. Below, you mention the Saudis - let me assure you that they are not customers of Giganews or Comcast, though I imagine you can't conceive of any other mode of use.

We're using HP, Stanford and Supernews (at least - I'm not the news goddess) as our _peers_ which means we trade feeds with them. I use giganews at home as a client. Read RFC1036 and _maybe_ you might understand the fundamental difference.

No Charles - you're missing the point. Our _server_ doesn't get the unwanted newsgroups - there is nothing to block. You're stuck (as usual) in your single user client mode, and can't see the larger picture.

How many groups do you think there are? Look at the bottom of some posts, and you'll see some wanky advertisement (hey - that's where you get all your technical facts, so you should have noticed it) from some for-pay news services that claim to have over 130,000 groups. Also, I realize you don't think about it, but we're a multi-national, and we have foreign language news groups, most of which I've never seen before. We've got over a thousand fr.* groups alone because of our French facilities. (Check from home - giganews has 444)

[compton ~]$ grep alt.sex .newsrc
alt.sex.abuse.recovery
[compton ~]$

One. I think giganews has over a 1000 of them. (Check from home - 1226)

[compton ~]$ grep -Ec '^(soc.sexuality|alt.binaries|alt.mp3|alt.music.mp3)\\.*' .newsrc
0
[compton ~]$

I won't bother showing the rest of your favorite groups for space reasons, but they all return a zero - not on our server. Looks like another one of your guesses is totally wrong.

Note - they are windoze toys, and we don't run windoze.

Last I heard, the Saudi had 24.0 million population, but a quick look at the RIR registrations shows 969984 IP addresses total, and that includes the 'network' and 'broadcast' addresses, the addresses used by their national backbone and so on. However that's 9 times as many addresses as Bess claims to license. And you really ought to pay more attention to the massive holes that let people around that product. Certainly the Saudi user has found ways, and if the government could get their hands around it, that's a death penalty offense. As I haven't heard too many either getting stoned or beheaded, yet have heard many complaints of mis-use of news proxies world wide - maybe you ought not believe those advertisements. Sounds like you've been spending too much time listening to those CompUSA sales monkeys, and not enough time actually researching on your own.

Old guy

Moe Trin

No, it's the #1 client because people are ignorant - it also happens to be the Worst Usenet client according to anyone that has any internet experience before MS got into the picture.

Leythos

Well, NewsProxy is acting as a news server for my network. It is taking the feed from Giganews (part of the Comcast subscription package), and distributing that to the machines on my network. Therefore Comcast/Giganews controls that, not me. NewsProxy is on my network to filter out what I don't want on the network. Even if you run your own news server, you should really take a look at NewsProxy, so you can better control what your users are reading from Usenet. Comcast decides what groups are available, so I use NewsProxy to filter out what I don't want on my network.

One of the older Windows versions of the software does have the source code available, so it could probably be modified to run on whatever OS is running your network. If you are not going to use a Windows server, you should at least take a look at the source code, and see if you cannot port NewsProxy to whatever you are running on. I think once you try it, you will like it.

Since you are coming from Giganews, it is likely being handled the way that Comcast handles it. Comcast's servers simply act as a relay for GigaNews. Whatever GigaNews has, Comcast has. GigaNews controls what groups are available. If you have a GigaNews subscription, then NewsProxy is a MUST for your network, to block out groups from GigaNews you don't want on your network, because Giganews controls what groups are available, and you need other tools to block out what you don't want on your network. A GigaNews subscriber, be it an individual or a company, simply connects a server to the network that acts as a relay, to distribute the feed to the machines on the network, and GigaNews controls what groups are available, not you. The only control the network admin has is to use a tool like NewsProxy.

However, when it comes to filtering, WebWasher, CyBlock, WebSense, etc, can put some teeth in your usage policy. Just select the categories of content you want to block, configure when you want the filtering lists updated, and you are done. Also these programs have reporting capabilities that hardware firewall appliances don't have. They can drill down to the individual user, if needed. A lot of Fortune 500 companies use these products, because they are simply the best at controlling content.

One hole I know of that Bess used to have until Secure Computing fixed it was that their proxy remained open to the world. Anyone could surf through a Bess proxy for a long time, and the lists of open proxies/ relays used to often have hundreds of open Bess proxies on them. Secure Computing got on the ball after they took over N2H2, and closed that hole.

The same problem exists in CyBlock. CyBlock's filtering proxy is open to the world. I found this out a year ago, when I found hits on the proxy coming from China. To this day, I am surprised I never heard from Comcast about having an open relay on my system, since the AUP specifically forbids open proxies/relays on their service.

That is why I went back to the old freeware WebWasher 3.2. CyBlock is a very good filtering program, but Wavecrest really needs to fix the security hole that lets anyone in the world surf through any CyBlock proxy. I am sure that a lot of companies using CyBlock don't even know that anyone in the world can surf through their proxy. I was only getting hits from China, so my IP must have ended up on an open proxy list somewhere in China.

Charles Newman

Read RFC1036. I know this concept stuff is hard for you, but read the RFC. Your proxy is a pale imitation of the concept of a server, and it is a client (not a server or peer) to giganews. If it were a real server, you would set up specific groups to carry. Your client on your home LAN would only get to see those groups that you set up to carry. A request for any other group would return a message of "no such group" - not "well, the group exists, but there are no articles" or similar. That's just one of many differences.

That's because you are running a client - not a peer or server.

Except you don't understand how a server operates, so you don't have the first idea of what you are talking about. READ THE RFC!!!

See - you wouldn't have that problem if you ran your own server, but the concept is beyond you. You're still listening to the CompUSA sales monkeys who want to sell you more client software, just as you still believe them despite Walter Roberson citing the specific chapter and verse that proves them to be lying to you. By the way - have you located the law that makes it illegal for CompUSA to sell crap to you that is not legal to use? We're waiting.

Why? I don't need the function it provides because we control our own server. You don't, so you need all the help you can get. The other problem is that you refuse to discover the difference.

Nope - I use giganews at home - and I only carry the 70 odd groups that I need. (Yes, I am running a small server - too bad you can't figure out how.) At work, we don't use giganews - we're peering with other providers, but until you read the RFC you won't understand that.

That sounds more as if Comcast is a proxy for GigaNews, not a real server. Looking at the headers, I suspect they're really just a CNAME rather than a separate host.

That's a description of a _client_ not a server or a peer. Read RFC1036.

Read RFC1036. Sound like a broken record? So do you. Read the RFC. Oh, and I know you wouldn't understand the difference, but the person who runs the news server goes by the title 'news administrator', not 'network administrator' even if that's just the title on a different hat that the same person wears.

Where your main problem occurs is that you believe that only these client applications, running on windoze, have this functionality. You don't realize that if the world had to exist using the client only software you are aware of, there wouldn't _be_ an Internet. The idea that news servers don't run windoze really boggles your mind, doesn't it. You have to remember that Usenet started in 1980 - which was before microsoft bought QDOS to get into the operating system business.

You really should get your facts from something other than advertisements.

Yes, and we're all quite impressed with your hacking knowledge. Almost as much as your basic networking concepts knowledge. Bet you still haven't discovered the Bugtraq mailing lists.

Point your web browser at [link], and hit the advanced search option. Plug in 'comcast' as one of the search terms, and limit the search to the newsgroups news.admin.net-abuse.blocklisting and news.admin.net-abuse.sightings - see what the rest of the world thinks of comcast's abuse policy enforcement. Wonder why it's in blocklists?

Old guy

Moe Trin
[snip]

Charles, everything I snipped, and what I left in particular, is unadulterated nonsense.

Please go read the RFCs. They are chock full of clues.

[snip]
Triffid

Outlook Express is the worst news reader in the world because of its flaws and idiotic misconfiguration. There are many alternatives for Windows users, too.

Yours, VB.

Volker Birk

The problem is that Charles would have to learn how to use a new piece of software - don't you think he's having enough trouble now trying to use a keyboard at the same time he's trying to breathe? Sometimes he even tries to chew gum - and that just max's out that single neuron.

Old guy

Moe Trin
