[CLUE-Tech] Brute force attack from host 208.188.115.21

Charles Oriez coriez at oriez.org
Fri Aug 6 04:11:20 MDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>"Roy J. Tellason" <rtellason at blazenet.net> wrote:
> > On Thursday 05 August 2004 11:43 am, Collins Richey wrote:
> > > Yes, 'automated' is a bad thing for some of us. I as a happy
> > > comcast(< attbi <@home) user have suffered from the overzealous
> > > application of automated spam rules to the comcast ip space.
> >
> > Automated dealing with spam and virus issues and being extremely
> > heavy-handed about it was why I switched away from my former
> > provider, and one of the reasons I'd do it again...
> >
> > It got to the point where it seriously disrupted my communications
> > with people.

Spam has gotten to the point that it has seriously disrupted communications 
with everyone.  And at one point, Comcast was one of the biggest sources of 
spam on the Internet.  Even a Comcast tech admitted that while their smtp 
mail servers were sending out 100 million pieces of mail a day, trojaned 
machines on their network were sending out 700 million pieces of mail 
through port 25, almost all of which was spam.  Yet they refused to block 
port 25.

Sure, I have .client.comcast.net in my access file with a REJECT next to 
it. Sure, SORBS, SPEWS, AHBL, and I think Spamhaus, to name four widely 
used dnsbl's, have that same sub domain listed as a spam source.  For a 
brief period before it was listed though, 25% of the spam hitting my server 
had that domain in a received header.

If Comcast had taken obvious steps before the problem was a problem, the 
listing wouldn't have happened.  If it weren't for the fact that a 
significant number of Comcast users (present company very specifically 
excluded) should never have been granted a license to connect their 
machines to any other machines on the Internet because they lack the mental 
capacity to understand that you have to keep your virus protection up to 
date and not open attachments claiming to show Paris Hilton nude sent to them by 
complete strangers, and do something as simple on a Windoze box as 
make sure extensions are displayed, then the listing wouldn't have been 
necessary.

I think the evidence was more than adequate to justify listing that 
subdomain, and the listing wasn't the least bit overzealous.  The listings 
were the only thing that forced Comcast to finally take the necessary steps 
to fix the problem. My own logs right now show that Comcast spam is down 
99% on my machine.  Any Comcast customer who wants to reach my machine can 
still do so, as long as they route through a Comcast SMTP server.  You can 
thank the spammers for that, because I have no interest, or responsibility, 
to pay for the bandwidth to see the latest viagra offer from scot richter.




- --
coriez at oriez.org 39° 34' 34.4"N / 105° 00' 06.3"W
"You want us to hit delete.  A blocking list is basically a diesel delete 
key.  A blocking list is the bulk delete response to unwanted bulk email. 
When we use a blocking list, we are hitting delete, as you ask us to 
do.  Why do you object?"  -- David Canzi

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: created 6/26/04 expire 6/25/05 stored MIT & PGP.COM

iQA/AwUBQRNZSLiLNnC0cMkdEQJnvACdFwEb5w3/4L0XOp0SEzkQDU7COSwAnRbF
YGBAH/0aopdGmNfq/JwWF+PM
=CBlb
-----END PGP SIGNATURE-----



