Kids bypassing firewall via web proxy sites

VB, do you understand that does not contain a valid domain, does not contain a valid TLD? That means it does not introduce spam to anyone - but it will get rejected at the sender's server when they try to send.

Leythos

Think again VB, email won't send to snipped-for-privacy@spam.spam, so it can't be abused.

Leythos

What's funny is that some of the people are actually wrong.

As we've seen, VB and his group believe that you can't protect people or systems by filtering content from sessions, but firewall vendors and the majority of firewall administrators know differently.

As an example, if I only allow you access to business partner websites, if I remove ActiveX, remove cookies, remove the ability to download certain file types, only allow specific attachment types in email, etc... You would be able to operate your workstation on a daily basis without much worry for security.

The same is true with kids, and since I have a few, manage a few companies' networks, set up firewalls all the time, I would have to say that it's easy to block/restrict access to things that users should not be visiting or accessing or downloading.

We even have a perfect, although small, example where the OP was able to block content based on keywords, which was then shown in the firewall logs, which caused the offenders to be reprimanded.... So, let's see, even though the filter was small, it kept the users from reaching their desired location - more filtering would strengthen the ability to keep them away from the location as it could be reached by other means, bypassing the small filter set....

So, it's not about certifications, not about glory, it's about letting noobs and ignorant people that might fall for VB's BS know that he's wrong, and that properly designed filters/list used/setup properly, do actually work as intended.

Leythos

My initial thought to that? ...Expel them all and go fishing. E.

E.

I can. You can't.

Irrelevant as filtering occurs before IE would even see it.

Put "extensive experience with failing to implement even basic filtering" in your CV and impress future employers. E.

E.

Nah, you're just not doing any serious manner.

For what criteria? You'd need to do MIME sniffing yourself, with all its hassles.

Guess you don't know what basic filtering is and what your funny trials are.

Sebastian Gottschalk

Yes. That's exactly what he wrote.

A spam with From: snipped-for-privacy@whitehouse.gov and To: snipped-for-privacy@nowhere.lan gets sent via an open relay (or a Zombie, or whatever). The mailer daemon tries to look up the MX for nowhere.lan, cannot find it, and sends an error message to the From-address.

Do you get it now? By using a nonexistent address you increase the number of bounces that the owner of the faked From receives.

Juergen Nieveler

Juergen Nieveler

And the server will do WHAT? Yes - it will send a bounce-message to the address listed as From...

Juergen Nieveler

Juergen Nieveler

On Tue, 14 Mar 2006 12:54:45 +0100, Sebastian Gottschalk put finger to keyboard and composed:

The additional complexity is warranted, especially if the user is not computer savvy. For example, I've seen ZA block Badtrans in a friend's PC. That's all the convincing I need.

Do you bother locking your house or your car? If so, why?

Not in this universe.

Yes, all of Australia's illegal drugs and weapons arrive by train.

- Franc Zabkar

Franc Zabkar

On 15 Mar 2006 05:58:05 -0800, "Jazz" put finger to keyboard and composed:

Yep, many people see Usenet as an ego trip. Unfortunately this newsgroup has been invaded by a triumvirate of mantra chanting anti-firewall bigots. It's much the same in other groups. Welcome to the real world. Just be thankful that newsreaders have kill files. The real world does not. :-(

- Franc Zabkar

Franc Zabkar

Dude, don't tempt me, I am a huge bass fishing fan... thanks for getting my mind wandering now...

Jazz

There are various examples of software that will happily bypass ZA... that's all the convincing _I_ need.

Juergen Nieveler

Juergen Nieveler

I have seen SMB traffic bypassing ZA in strict contradiction to its ruleset, letting an unpatched system get compromised by Sasser.

You can easily see ZA locking up the PC whenever you're flooding it with a good mixture of ICMP and UDP packets from spoofed sources.

That's all the convincing you'll ever need.

Sebastian Gottschalk

You OTOH seem to be confused in anything that goes beyond email basics.

Which of course doesn't mean it won't get into someone's inbox, but hey, why should you care that your fake mail address increases the spam volume for someone else?

Can you say "bounce"? Can you say "address spoofing"?

No? I thought so.

Spammer sends bulk mail with spoofed From address to your fake address, using an open relay. Bounce goes to spoofed From address. Thus your fake mail address caused someone else to receive the spam that was directed to you. Some people call this type of behaviour "anti-social".

I have a hunch *who* made a fool out of himself, and it sure isn't Volker.

*plonk*

cu

59cobalt
Ansgar -59cobalt- Wiechers

It doesn't work that way on our mail servers, if the address is unresolved the INTERNAL sender gets the bounce report, it does not allow senders that have not authenticated with the server to send or even get a report.

So, from our mail servers, and even the ISP's mail server, you can't send if you don't have an account/pwd, can't send if you're not the account holder, if the email address doesn't match the sender's account, and it won't send outside the network if the to address is invalid.

Now, I could see it if your mail server just blindly handled sent mail.

Leythos
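The two server behaviours argued over in the posts above (Juergen Nieveler's and Ansgar Wiechers' accept-then-bounce relay, and the authenticated server Leythos describes), as an added example that is not part of any post in the thread. It is a constructed model with no real SMTP or DNS traffic; the domains, accounts and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed data: domains that resolve to an MX, and account -> owned address.
RESOLVABLE = {"example.org", "victim.example"}
ACCOUNTS = {"alice": "alice@example.org"}

@dataclass
class Message:
    env_from: str                    # envelope sender (MAIL FROM), unverified on a relay
    rcpt_to: str                     # envelope recipient (RCPT TO)
    auth_user: Optional[str] = None  # account the client authenticated as, if any

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def open_relay(msg):
    """Accepts everything, attempts delivery later, bounces on failure."""
    if domain(msg.rcpt_to) in RESOLVABLE:
        return ("delivered", msg.rcpt_to)
    # The message was already accepted, so the failure report goes to
    # whatever address MAIL FROM named, forged or not.
    return ("bounce", msg.env_from)

def submission_server(msg):
    """Refuses inside the SMTP dialogue; no bounce message is generated."""
    if msg.auth_user is None:
        return ("reject", "530 authentication required")
    if ACCOUNTS.get(msg.auth_user) != msg.env_from:
        return ("reject", "553 sender address not owned by account")
    if domain(msg.rcpt_to) not in RESOLVABLE:
        return ("reject", "550 recipient domain does not resolve")
    return ("delivered", msg.rcpt_to)

def backscatter_targets(messages, server):
    """Addresses that receive a bounce for mail they never sent."""
    return [dest for verdict, dest in map(server, messages) if verdict == "bounce"]

# Constructed samples: spam with a forged sender to a munged address,
# and an authenticated user mistyping a recipient.
SPAM = Message("owner@victim.example", "harvested@spam.spam")
TYPO = Message("alice@example.org", "bob@spam.spam", auth_user="alice")

if __name__ == "__main__":
    print(backscatter_targets([SPAM, TYPO], open_relay))
    print(backscatter_targets([SPAM, TYPO], submission_server))
    print(submission_server(TYPO))
```

On the relay both failures turn into bounces to the envelope sender, while the submission server reports the error to the connected client and sends nothing to a third party.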

See other reply.

Leythos

Oh, and let's not forget, if they use FROM snipped-for-privacy@spam.spam, one, it won't send outbound through a properly configured server, two, if they allow it to be sent, then the reply will not be sent as snipped-for-privacy@spam.spam is not a valid destination.

If there were to FROM snipped-for-privacy@mail.com TO snipped-for-privacy@spam.spam, then it's not the snipped-for-privacy@spam.spam that's really the problem, the spammer already knows the real address and the bounce will alert the valid email holder that his address is being abused....

Leythos

I do the same with all of the systems I control as well as implement content filtering. It's also critical to have an Acceptable Use Policy in place. Lastly it's understood by all parties that system lockdown, content filtering, and AUPs do NOT guarantee 100%, but it's pretty damn close.

Don Kelloway

Yep, we even put something close to that as a clause in our contracts.

Leythos

However, it DOES block many things. And as long as you don't pay for it, it is better than using NO security software at all and letting yourself be open to the wild.

Ryan P.
