Kids bypassing firewall via web proxy sites

You know that, I know that, most of the people here know that. The problem comes in trusting that the schmoe down in accounting knows that, or even cares about that. This is when you have to lock down access to his/her ability to even ACCESS malware, much less download it.

There seem to be two fundamental groups here... one of those groups says "People will always do the right thing when they know what the right thing is." And then the other group, which I belong to, says "Most people will follow the rules, but there are others who simply don't care about the rules and don't feel they should apply to them."

Seems to be the basic argument between VB and Leythos.

Reply to
Ryan P.

I am yet to see any proof of this, all I see are yours and others' protestations. Nothing offered as proof whatsoever.

Feel free to provide this proof to back up your claim..... Proven by whom? Proven when? What methodologies were employed? What products were used? What threats and vectors were trying to be blocked? What failed to be blocked? What was the failure ratio? How long did it take for the first failure to occur? What were the costs involved in the project?

Not installing malware in the first place is what filtering is all about. Proper filtering makes installing *anything*, malware or not, impossible as it can never reach the machine.

I'm quite happy to discuss this issue if the naysayers are willing to offer proof other than statements such as "because I said so" and "Spybot is crap"

Where is the proof you have proved anything? E.

Reply to
E.

And a 3rd group, those that simply don't know and don't want to know. It's irrelevant what the personality type of the infected person is, they're still infected. The lowest common denominator is the one you need to consider. E.

Reply to
E.

Ryan, the latter explains why there is this thing called crime and why some people are criminals, while others aren't.

Reply to
optikl

Maybe it is the language problem with you. The "your" means whoever is handling the email server that you are retrieving your email from.

That server, if it has guess-able aliases like "webmaster", "abuse", ...etc, and there is no protection against mass spamming and flood, you will suffer, if you are the recipient of the emails to those addresses.

Try to keep up with the discussion. You and your fellow "Volker" character suggested that having an email address like snipped-for-privacy@nospam.nospam is bad because anyone forging an address like "snipped-for-privacy@whitehouse.gov" and sending a spam to snipped-for-privacy@nospam.nospam will cause "snipped-for-privacy@whitehouse.gov" to receive the bounce since snipped-for-privacy@nospam.nospam is not a valid address. You both also claimed the same thing would happen for any snipped-for-privacy@valid.domain being forged, sending spam to snipped-for-privacy@nospam.nospam, which means snipped-for-privacy@valid.domain will receive the bounced email.

The flaw in this weak and in fact pitiful argument is:

  1. Almost all SMTP servers would NOT parse invalid addresses like snipped-for-privacy@nospam.nospam.
  2. Almost all spam software which is out there would NOT send an email to an address like snipped-for-privacy@nospam.nospam; they check the email address format, and then act on it.
  3. If you have an email server with guess-able aliases like webmaster and alias and do not run server side protection against spam and flood, then you deserve what you get.
  4. Protecting yourself from spam is YOUR responsibility, not mine. I will NOT endure spam and maintain a valid email address to catch spam to accommodate you and other clueless users who don't understand email basics nor can grasp facts about spam and email server setups.

You should also follow the links that you were given about how to alter your From: address to avoid getting spammed. Funny, none of those links suggested using a valid, throw away address to accommodate spammers and clueless email admins like you and "Volker" are suggesting.

Next time, do try to bring up a better argument, instead of going through your mood swings.

Like I said before, it is YOU who demonstrated that you don't understand, and it is probably the language barrier.

Good for you, because that is as graceful as it can be for your exit. Any further discussion on this would show how clueless you are.

Reply to
No Spam

Those are "tests" that spammers run.

Do not assume anything. No spammer, mass spammer, not a casual "Hey look at my new dating site webmaster promoting his site" would send mass mail manually, and without professional software. Most of them are too clueless to manually do that.

Reply to
No Spam

Wrong, you don't need to trust them. Almost any Unix flavor has POSIX capabilities, many Linux kernel patches do add a global noexec, and even Windows XP has had Software Restriction Policies added.

They can access and download malware, you won't be able to stop them. So what? They simply can't run it, however they try!

Reply to
Sebastian Gottschalk

RFC2142-compliant role account aliases should be used if applicable, though - so you should at least have postmaster@ and abuse@

Yes, and that's still true as long as the mailservers are set up normally (and without breaking RFCs).

Which is exactly the same as the above, of course.

What would they do with it then? Yes - they'll respond with an error message. That goes where?

I bow to your superior experience in running spam software ;-)

In my experience, however, spammers often don't bother with any checks like that. Why should they... it's not a problem for them if a few thousand undeliverable mails are in the spam run.

If you don't have at least postmaster@ and abuse@, you deserve to be listed on the RFC-Ignorant-RBL.

Fine, I'll just killfile every non-existing TLD from now on - problem solved.

Which proves that there's a lot of garbage out there. There's also people who suggest using stuff like Mailwasher - which actively sends out fake bounces to the faked From-addresses. I think you'll at least agree that this is a bad idea.

Actually, I'll spare the world more demonstrations of how clueless and RFC-ignorant you are.

See you again when you choose to use a sensible address...

Juergen Nieveler

Reply to
Juergen Nieveler

I don't think so.

Yours, VB.

Reply to
Volker Birk

E. wrote: [detecting arbitrary encodings, i.e. for filtering this information out of a data stream]

For example, two communication partners, say a person or a program and the server of [link], could agree upon using a search term which does begin with "str" means sending a bit of 1, and not using a search term with an e in it means 0, with the exception that if the next search term begins with acr, then this wasn't a 0 or 1 but means nothing.

With this encoding, one could send arbitrary information to the server which is driving [link], because one could send arbitrary sequences of 1 and 0.

Everything would look just like using [link], and nobody but the two partners would know that there is more information encoded this way than a casual watcher can see.

How do you want to detect this?

Of course, we can talk about a theoretical proof, too. But I think, such a motivation sample will do, won't it?

Yours, VB.

Reply to
Volker Birk

As I already stated, one can do the same fun with even more bandwidth on login sessions with certain bad newspapers' websites without even a casual watcher being able to distinguish it from normal traffic. One can actually build a provably secure channel on top of this (see Ruediger Weis 'All your keybits are belong to us').

Reply to
Sebastian Gottschalk

Consider what you want. It does not matter.

Yours, VB.

Reply to
Volker Birk

You are reading challenged, aren't you? Where did I say that I don't have such aliases on my servers? Next time do your homework before looking stupid like this.

And while you are at it, read this:

____________________________________________________________
From: No Spam
Newsgroups: comp.security.firewalls
Subject: Re: VOLKER--Re: Kids bypassing firewall via web proxy sites
Date: Fri, 17 Mar 2006 08:50:09 -0800
Organization: No Spam.
Message-ID:

I filter all the "There was a virus in your message" bounces.

Any emails sent to postmaster, abuse, ....etc generally known/guess-able/required addresses have a Challenge/Response mechanism enabled on them, and all email servers that I administer have strong anti-spam/security/RBL filtering installed and enabled.

I hate Challenge/Response systems, but there is no way of getting a legitimate message at the postmaster, abuse, and other valid addresses without such an implementation, on popular and busy servers like the ones that I am responsible for. A person sending a complaint is expecting a response, therefore Challenge/Response usage is justified in this case; nowhere else can it be used without adding major annoyance.

____________________________________________________________

I guess you are now exposed for being a person who can't read if his life depended on it.

What have RFCs got to do with the above? Nothing. You're losing your marbles again? Yes.

And while you are reading this:

There are no RFCs forcing you to:

  1. Use a valid email address on usenet.
  2. Accept connections from sources trying to send an email to an invalid address.
  3. Not do a DNS lookup before you accept the connection.

No it is not, because not everyone is as incompetent as you and your fellow clueless friend "Volker" to set up an email server which is wide open for any abuse.

Connection refused at the SMTP level, before even the transmission begins, clueless. Learn how to set up your email server properly before whining like this.

A vanilla installation of any email server software will accept the connection and then would send the response back to the source, but NOT a properly set up server with proper protection.

I can suggest a few places, but you won't like the answer.

The problem with you and your type, is that you are blinded by your own ignorance.

You should learn how to:

  1. Force DNS and reverse DNS checking before accepting connections.
  2. Use Block lists.
  3. Use MTA level filtering, before your LDA level filtering.
  4. Protect your common and guess-able aliases to prevent being flooded with emails that have spam/virus/malicious content in them.

If you are running a server without AT LEAST the above precautions, then you should not be even handling such a task, and you are an incompetent admin.

The above is the absolute MINIMUM, any competent admin with a clue will have much more added to his list.

Yes I know a lot about them, and you should bow. It is part of my work in 2 places to investigate them, and work with our programmers in coming up with better defense mechanisms.

Working in IT security in a Fortune 500 corporation is not something for the clueless and the ignorant like yourself. Sorry kiddo, but you will eventually grow up and learn.

Because your experience is limited and in fact almost non-existent.

Almost all spamming software collects email addresses, runs syntax checks, removes duplicates, categorizes, ....etc.

You should do your homework before looking foolish like this.

Speaking of the ignorant, why can't you read before you respond? Where did I say that you should remove such aliases, clueless?

Reading comprehension seems to be a challenge for you.

Read a few lines above, what I posted about handling such aliases. Do you see me anywhere suggesting that anyone should remove those aliases? No, clueless, I said you should protect them.

Translation: "I got educated and schooled, and now I have to run away, trying to find a graceful exit after being humiliated for being an arrogant d*****ad who doesn't know what he is talking about"

Which proves that you can't read, period.

That is a bad idea, nobody with a clue would say that it is not. Any email bounce, in my opinion, is a bad idea, but it is necessary for notification purposes, and is getting abused by clueless software authors that implement such a feature in their software and put it in the hands of clueless people to flood others with meaningless bounces. But that's the nature of the beast. Everything can be abused.

The same thing is said about clueless McAfee and Symantec server side spam and virus protection, as the default installations send a bounce message "Your email has a virus in it" and similar crap to the From: address, while it is known that virus emails usually show a random address picked up from the victim's address book.

Consider yourself educated again.

You speak for the world? You think that the world is waiting for you to protect it? More evidence that you are delusional, liar boy.

You couldn't read FAQs and RFCs, assumed that SMTP servers work in some way that they usually don't, and lied about what I posted, and I am the one who is "clueless and RFC-ignorant"? Boy you are thick.

Not so fast, clueless. Running away because you can't handle being proven wrong? No problem with me, as long as you don't lie your way out of this thread, claiming that I said that abuse@ and webmaster@ addresses should be removed.

You're resorting to lying, and that's a certified loser's modus operandi.

Here is a free clue for you, clueless. Running around obsessively screaming "RFCs" doesn't make you look good or convince others that you know anything about them, and in fact proves that you managed to find them through your google search, desperately trying to find something to counter after being proven wrong.

Now I will leave you to drown in your own ignorance, clueless boy. I am done with you, and I am adding you to my kill file, since you are so obsessively lying trying to win an argument that you already lost.

I wasted enough time on educating you, and that is not working with you, since you are so dense and thicker than a brick.

Go play in the traffic, junior. Consider growing up, it is much better than being stuck in that teenager mentality that you are doing now.

*PLONK*!
Reply to
Local Host

Maybe you ought to spend a few minutes reading sections 4.1 and 4.2 of RFC0821 and RFC2821 paying particular attention to reply code 550.

Perhaps if you read the RFCs you'd find out.

It's pretty obvious to anyone who runs a mail server.

Oh, so you have been bombarded by spam bounces using your domain and addressed to non-existent domains like "nospam.nospam" or "example.com"? Where did the bounces come from? Aren't they listed on RBL lists? Why did you accept them yourself?

No, my little clueless fool - you don't accept mail for users that don't exist AT THE SMTP stage. You also use RBLs to not accept mail from zombies, open relays or other blindingly obvious sources of spam. If you actually had two brain cells to rub together, you'd also know about filtering techniques that can run on the mail server before the mail is accepted, SUCH AS not accepting mail from unresolvable addresses, or even based on _content_ or the number of addressees.

You are posting to a firewall group - and you haven't figured out how to handle that problem? Maybe you ought to start learning the basic concepts. Start with RFC1180, which explains how TCP/IP works.

No, you're the one demonstrating how clueless you are. You don't even understand the concept of SMTP, yet pontificate obviously stupid recommendations.

No, why not transfer your attention to news.admin.net-abuse.blocklisting. I'm sure the people over there need the laughs.

Old guy

Reply to
Moe Trin
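As an added example (not posted by anyone in this thread), here is how the minimum list in Local Host's post (DNS and reverse DNS checks, block lists, MTA-level filtering, protected role aliases) and the SMTP-stage 550 rejection Moe Trin describes look in a Postfix main.cf. Postfix is an assumption, since the thread names no MTA, and the DNSBL zone is a well-known public one you would replace with whatever list you have a usage agreement with.

```ini
# Added example: Postfix main.cf fragment (Postfix assumed; not from the thread).
# Goal: refuse unwanted mail during the SMTP dialogue with a permanent 550,
# so this server never accepts it and never has to generate a bounce later.

# Unknown local recipients are refused at RCPT TO instead of being accepted
# and bounced afterwards (the bounce would go to a forged From: address).
smtpd_reject_unlisted_recipient = yes
unknown_local_recipient_reject_code = 550

# Restrictions evaluated at RCPT TO, in this order; first match decides.
smtpd_recipient_restrictions =
    permit_mynetworks,
    # Never relay for outsiders (an open relay is what spammers abuse).
    reject_unauth_destination,
    # MTA-level DNS check: the sender domain must have an MX or A record.
    reject_unknown_sender_domain,
    # Reverse DNS check: client IP must have a PTR that resolves back to it.
    reject_unknown_reverse_client_hostname,
    # Block list lookup before any content is accepted (zombies, open relays).
    reject_rbl_client zen.spamhaus.org,
    permit

# By default Postfix answers DNS-based rejections with a temporary 450;
# 550 tells the sending MTA (and any bounce generator) not to retry.
unknown_address_reject_code = 550
unknown_client_reject_code = 550
```

Role accounts such as postmaster@ and abuse@ stay listed as valid recipients here, so they remain reachable as RFC 2142 expects; the extra screening the thread argues about (challenge/response, content filtering) would sit behind these checks, not replace them.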

Well said.

But the problem with him and with "Volker" is they don't seem to understand basics, yet run around screaming "breaking RFCs" while demonstrating that they don't have a clue about it.

I am still unable to understand why would someone like him choose to leave abuse@ and postmaster@ unprotected and even leave his email server unprotected instead of asking others to post with a valid email address.

Reply to
No Spam

Nice goalpost shift. Such a transfer would require intersite communications to be already established. Would it work if google.de/%targetsite was blocked? How would you establish communications to a blocked site when proxies are also blocked? Would standard clientside computer policy allow the user access to use/install the tools needed to do this?

Or for a better example, would this method allow the OP's students to browse myspace? Given that a proper filter checks incoming sources as well as outgoing requests to sources. If yes, define how. E.

Reply to
E.

Maybe RFC 1036 "Standard for Interchange of USENET Messages" is of interest for you; from "2.1.1. From" there:

| The "From" line contains the electronic mailing address of the
| person who sent the message, in the Internet syntax. It may
| optionally also contain the full name of the person, in parentheses,
| after the electronic address.

It is typical for a k00k to "educate" all others with nonsense, and not to check what you're claiming right before pressing "send" for your posting.

So you're a typical k00k. I must say, a very nice exemplar where we can see all attributes of your kind.

I hope for you, that you don't mean the TCP connection for SMTP. But anyways: this is not the problem.

You're getting ridiculous. As every time, you don't understand that it's not your server or mine which is the problem, but the badly administered server of the moron whose box is abused as a relay for the Spammer.

And don't tell me that there are no badly administered servers out there. The pure existence of Spam shows that this would be wrong.

How could they do this without trying to parse, baby?

Any bounce which comes in fits here.

Do you want to block all bounces?

*blablabla*

You're ridiculous, really. *G*

*ROTFL* - you're getting really amazing, k00k. :-))

So you're telling us, you're a professional Spammer. Nice ;-)

I doubt that you're doing this. But even if this would be true, this company would employ at least one moron ;-)

VB.

Reply to
Volker Birk

And perhaps you ought to spend a few minutes reading section 2.1.1 of RFC1036, Moe.

In the case I experienced, they came from MTAs of people who don't filter such things.

Most of them: no.

Of course, after being bombarded, we filtered out postmaster@ mails on this account for a while. And we noticed that many, many people are NOT using postmaster@ as the sender address for their bounces :-(

The result was that the account of the Spam victim was unusable until the storm was over after a week.

We first tried to filter on the bounce reason, but this required more computing power than this small mail server, where this happened, had.

All bounces which came in were OK. What do you want to achieve with such a filtering?

Yours, VB.

Reply to
Volker Birk

Ah, this just is a misunderstanding. I didn't want to talk about proxying now. I just used [link] as an example for "arbitrary site you're allowing communication to because there is a sensible need for it, and encoding data into the stream of allowed data by using tunneling".

Or, in other words: this would be "Google phoning home" ;-)

If you don't like the Google example, just use some other site of your choice.

Or, to be more practical:

When you're not doing whitelist filtering but blacklist filtering, then it's easy to have a tunnel endpoint in the Internet, which can be used to implement such a solution.

When you're doing whitelist filtering, you may be able to prevent this kind of tunneling, if you can trust in the sites you have on your white list.

But when you're doing white list filtering, you're losing connectivity; your "Internet connection" then is none any more, it's nearly useless.

The main big advantage say, of the web (for example) is, that you can find nearly any information quickly, isn't it? _Any_ information, not "the Information of the sites on my whitelist".

Who here only uses web sites she/he already knows before?

BTW: tunneling works with _every_ type of communication. Of course, you can use E-Mail, too. You can use DNS. You can use ICMP. You can use TCP. You even can use a web forum or wiki where both can read and write.

Whitelist filtering, if it should be successful, requires restricting access only to sites which are 100% read-only for the user.

Or, in other words, you have to cut connectivity.

In practice, tunneling is best done via ways which have some bigger bandwidth, so if IP is tunneled through it, then the resulting connection is not unusably slow. But of course, this depends on what exactly should be done.

Yes. As explained. Having arbitrary data streams, you can tunnel an IP based TCP connection through, which can be routed to the Internet again on the tunnel endpoint at the outside.

Yours, VB.

Reply to
Volker Birk

I have a question to you guys. Why do you bother with Volker and a couple of his aliases? The guy is a certified retarded kook. He is here for the sake of trolling and nothing other than nonsense can be seen in his posts.

I plonked his sorry ass and never bothered with his crap again. He is stupid, and is dragging you all down to his level and would beat you with experience.

Reply to
No Spam
