[lug] linux firewall, popup windows spam blocking

D. Stimits stimits at attbi.com
Thu Jun 26 21:37:54 MDT 2003 

Scott Herod wrote:

> On Mon, 23 Jun 2003, Bear Giles wrote:
>
>
>
> >We all see a huge difference between sending out something from a
> >spamming list and responding to an intrusion, but how do you
> >codify that into law?  It's a lot harder than you might think, and
> >if it's not done right the solution may be worst than the problem.
>
>
> I saw one proposal that would be someone difficult to implement since it
> would require infrastructure improvements but which would not require any
> legislation.  Furthermore, it would address exactly the point that Dan
> brought up.  Have everyone only accept email from unknown sources if 
> there
> is a micro-payment attached.

There is no email involved here. Nor is web browsing involved. They are 
using the same service that an UPS would use to notify that power has 
been lost. In this case, Level 3 Communications IP address of 
63.215.251.101 is breaking in on port 1026, UDP, and directly invading 
the system. In many cases this is causing a video mode switch from the 
app that is running, and crashes the system, resulting in loss of data. 
No email or web browsing is done from this machine, they are simply 
doing the equivalent of port scanning and abuse of a MS feature/flaw.

>
> If you want to send me email, attach 1/100'th of a cent.  I'll gladly pay
> you the same to accept email that I send.  I'd probably go years before
> even paying a penny, but then I don't send out 100,000 emails at a time.

I am very much against this infrastructure, as they will end up using 
Microsoft proprietary tech and removing all use of machines not subject 
to MS virus and worms.

>
> If my ISP collected from all of the email that I get and applied it
> towards my bill, they would probably owe me money.

They can still identify (with a lot of effort) many of the spammers that 
forge headers, without some bogus MS identity technology. The whole .NET 
proof of identity thing is a farce, as they would destroy part of what 
has to be protected, and force people to use the most vulnerable o/s 
there is. In this particular case, 63.215.251.101 is directly attacking 
machines via port 1026 (UDP), and it has nothing to do with email.


D. Stimits, stimits AT attbi DOT com

>
> Scott
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>

More information about the LUG mailing list