[CLUE-Tech] Brute force attack from host 208.188.115.21
Charles Oriez
coriez at oriez.org
Fri Aug 6 04:11:20 MDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>"Roy J. Tellason" <rtellason at blazenet.net> wrote:
> > On Thursday 05 August 2004 11:43 am, Collins Richey wrote:
> > > Yes, 'automated' is a bad thing for some of us. I as a happy
> > > comcast(< attbi <@home) user have suffered from the overzealous
> > > application of automated spam rules to the comcast ip space.
> >
> > Automated dealing with spam and virus issues and being extremeley
> > heavy-handed about it was why I switched away from my former
> > provider,
> > and one of the reasons I'd do it again...
> >
> > It got to the point where it seriously disrupted my communications
> > with people.
Spam has gotten to the point that it has seriously disrupted communications
with everyone. And at one point, Comcast was one of the biggest sources of
spam on the Internet. Even a Comcast tech admitted that while their smtp
mail servers were sending out 100 million pieces of mail a day, trojaned
machines on their network were sending out 700 million pieces of mail
through port 25, almost all of which was spam. Yet they refused to block
port 25.
Sure, I have .client.comcast.net in my access file with a REJECT next to
it. Sure, SORBS, SPEWS, AHBL, and I think Spamhaus, to name four widely
used dnsbl's, have that same sub domain listed as a spam source. For a
brief period before it was listed though, 25% of the spam hitting my server
had that domain in a received header.
If Comcast had taken obvious steps before the problem was a problem, the
listing wouldn't have happened. If it weren't for the fact that a
significant number of Comcast users (present company very specifically
excluded) should never have been granted a license to connect their
machines to any other machines on the Internet because they lack the mental
capacity to understand that you have to keep your virus protection up to
date and not open attachments claiming to show Paris Hilton nude sent to by
from complete strangers, and do something as simple on a Windoze box as
make sure extensions are displayed, then the listing wouldn't have been
necessary.
I think the evidence was more than adequate to justify listing that
subdomain, and the listing wasn't the least bit over zealous. The listings
were the only thing that forced Comcast to finally take the necessary steps
to fix the problem. My own logs right now show that Comcast spam is down
99% on my machine. Any Comcast customer who wants to reach my machine can
still do so, as long as they route through a Comcast SMTP server. You can
thank the spammers for that, because I have no interest, or responsibility,
to pay for the bandwidth to see the latest viagra offer from scot richter.
- --
coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
"You want us to hit delete. A blocking list is basically a diesel delete
key. A blocking list is the bulk delete response to unwanted bulk email.
When we use a blocking list, we are hitting delete, as you ask us to
do. Why do you object?" -- David Canzi
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: created 6/26/04 expire 6/25/05 stored MIT & PGP.COM
iQA/AwUBQRNZSLiLNnC0cMkdEQJnvACdFwEb5w3/4L0XOp0SEzkQDU7COSwAnRbF
YGBAH/0aopdGmNfq/JwWF+PM
=CBlb
-----END PGP SIGNATURE-----
More information about the clue-tech
mailing list