[lug] linux firewall, popup windows spam blocking

D. Stimits stimits at attbi.com
Sun Jun 22 16:07:02 MDT 2003


Mr Viggy wrote:

> NetBEUI is, in fact, its own protocol.  You don't need TCP/IP installed
> at all, to use NetBEUI.  However, NetBEUI is not routable.
>
> NBT, or "NetBIOS on TCP/IP" is prolly what you're thinking of.  This is
> basically Microsoft's "answer" to allow NetBEUI to be routable.
> Unfortunately, I don't know if you can filter it.


Very interesting. I wonder though, if it actually needs to be routable 
when using a broadcast address. Microsoft themselves mentioned the use 
of broadcast NetBEUI as one way of sending popups.

D. Stimits, stimits AT attbi DOT com

>
> Viggy
>
> D. Stimits wrote:
>
> > Bear Giles wrote:
> >
> >> On a related note, how do you send Windows Messenger messages?
> >
> >
> >
> > There are apparently multiple routes in to do this. The UPS here uses
> > it, but apparently broadcast of NetBEUI or UDP, or else direct port
> > 135, 137, or 139 can do this as well. Can anyone tell me if NetBEUI is
> > truly its own protocol, that ipchains would distinguish differently
> > from tcp and udp?
> >
> >>
> >> Not to spam... but I think it could be a Good Thing for many of us to
> >> add Windows Messenger acks to our services.  We shouldn't just quietly
> >> block suspicious activities, we should honor these people for their
> >> initiative!
> >
> >
> >
> > This would be ideal.
> >
> >>
> >> This won't stop "pro" attackers, of course.  But it's fun to imagine
> >> some 14-year-old wannabe running his illicit program, then making a mess
> >> as the screen is flooded with "I see you" messages.
> >
> >
> >
> > I've been told that the companies that sell spam lists are now selling
> > spam software to use popups to directly trespass on machines. In this
> > case, www.byebyeads.com is essentially doing a criminal trespass to
> > directly invade the user's machine, and paste a note that says if you
> > pay them their software fee (extortion money), that they will stop
> > attacking the machine. I call it an attack because it has caused
> > machine lockup and failure multiple times in the last day or two. I
> > call it criminal because they are invading a private home, not a
> > public web server, causing damage, and then asking for money to stop.
> > I notified them to stop, yet they persist, which means they were
> > warned (and they know it is trespassing, they just think there is
> > nothing I can do about it). Unlike a typical open port, I told them to
> > stop, and their attacks picked up.
> >
> >>
> >> Besides the annoyance factor, this could even address those attackers
> >> attempting to turn wiretap laws against their victims when they attempt
> >> to take action - the message could contain some legal-sounding noise
> >> about all communications being logged and shared with third parties,
> >> including law enforcement, etc. Naturally at this point it would be a
> >> good idea to log that the message was actually sent, and if it was
> >> received (vs. blocked) if possible.
> >
> >
> >
> > Actually, I sent a letter to one of our Colorado senators a while
> > back, and he apparently has worked on legislation related to spam
> > (pro-kill-the-spam) before I even talked to him. I think I am going to
> > name these people and their tactics directly to him, and ask that it
> > become an official criminal trespass to invade a port on a machine
> > after being specifically requested to stop doing so. Someone else
> > pasted a URL of an interesting article earlier, which mentioned that
> > they are now looking to turn some spam related offenses into
> > $25,000/day fines and prison sentences (exceeding a year). In any
> > case, I don't consider lobotomizing the computer to be a valid cure,
> > prisons sound better.
> >
> > D. Stimits, stimits AT attbi DOT com
> >
> >>
> >> _______________________________________________
> >> Web Page:  http://lug.boulder.co.us
> >> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> >>
>
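
On the question raised in this thread of whether ipchains would see NetBEUI differently from tcp and udp, the following is an added example (not code from any poster or from the list). It classifies raw Ethernet frames: NetBEUI rides directly on an 802.2 LLC header with SAP 0xF0 and has no IP header for a rule to match, while the 135/137/139 paths are ordinary UDP/TCP. The function name, field names and sample frames are constructed for illustration, and unfragmented IPv4 over Ethernet is assumed.

```python
import struct

POPUP_PORTS = {135, 137, 139}   # ports named in the thread
NETBIOS_LLC_SAP = 0xF0          # 802.2 LLC SAP carried by NetBEUI (NBF) frames
ETHERTYPE_IPV4 = 0x0800
IP_PROTOS = {6: "tcp", 17: "udp"}

def classify(frame: bytes) -> dict:
    """Report what an IP-layer packet filter could match on for one frame."""
    if len(frame) < 15:
        return {"kind": "truncated", "ip_filterable": False}
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len <= 1500:     # 802.3 length field: an LLC header follows, not IP
        kind = "netbeui" if frame[14] == NETBIOS_LLC_SAP else "llc-other"
        return {"kind": kind, "ip_filterable": False}
    if type_or_len != ETHERTYPE_IPV4:
        return {"kind": "non-ip", "ip_filterable": False}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4    # IPv4 header length in bytes
    proto = IP_PROTOS.get(ip[9]) if ihl >= 20 and len(ip) >= ihl + 4 else None
    if proto is None:
        return {"kind": "ip-other", "ip_filterable": True}
    dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    return {"kind": proto, "dport": dport, "ip_filterable": True,
            "popup_port": dport in POPUP_PORTS}

# --- constructed sample frames (not captured traffic) ---
SRC = b"\x02\x00\x00\x00\x00\x01"
BCAST = b"\xff" * 6

def _eth(dst, type_or_len, payload):
    return dst + SRC + struct.pack("!H", type_or_len) + payload

def _ipv4(proto, dport):
    l4 = struct.pack("!HH", 40000, dport) + b"\x00" * 4   # src port, dst port, filler
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 255])) + l4

LLC_NBF = b"\xf0\xf0\x03" + b"\x00" * 44   # DSAP, SSAP, UI control, dummy NBF body
SAMPLES = {
    "netbeui": _eth(b"\x03\x00\x00\x00\x00\x01", len(LLC_NBF), LLC_NBF),
    "udp_135": _eth(BCAST, ETHERTYPE_IPV4, _ipv4(17, 135)),
    "udp_137": _eth(BCAST, ETHERTYPE_IPV4, _ipv4(17, 137)),
    "tcp_139": _eth(BCAST, ETHERTYPE_IPV4, _ipv4(6, 139)),
    "tcp_80": _eth(BCAST, ETHERTYPE_IPV4, _ipv4(6, 80)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify(frame))
```

Frames reported with `ip_filterable` false never reach an IP rule set, so port-based rules for 135, 137 and 139 cover only the UDP/TCP paths.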




