DNS Hijacking by Cox

Steven Haigh netwiz at crc.id.au
Mon Jul 23 01:55:39 UTC 2007


Quoting Sean Donelan <sean at donelan.com>:
> On Sun, 22 Jul 2007, William Allen Simpson wrote:
>> Comcast still blocks port 25.  And last week, a locally well-known person
>> was blocked from sending outgoing port 25 email to their servers from her
>> home Comcast service.
>
> MSA port 587 is only 9 years old.  I guess it takes some people longer
> than others to update their practices.  Based on what I know of how
> comcast's abuse systems implement their port 25 restrictions, I think
> it is extremely unlikely it was based on other people having her e-mail
> address in their Outlook programs.

Indeed. There's just not enough info to make anything but wild guesses  
about this.

> Some people complain ISPs refuse to take action about abuse and
> compromised computers on their networks.  On the other hand, people
> complain when ISPs take action about abuse and compromised computers on
> their networks.  ISPs are pretty much damned if they do, and damned if
> they don't.

Gotta love the techie world :)

> Several ISPs have been redirecting malware using IRC to "cleaning"
> servers for a couple of years trying to respond to the massive number
> of bots.  On occasion they pick up a C&C server which also contains some
> "legitimate" uses. Trying to come up with a good cleaning message for
> each protocol can be a challenge.

I'm still unsure that this is either a good idea or a bad idea...  
changing the DNS can only help until the bots start connecting  
directly to IP addresses. Then where do we go? NAT those connections  
to elsewhere? It's one of those lovely arms races where things just  
get more and more invasive.

In the short term, it's a good thing - the amount of spam I get from  
their network has halved - which is great - however in the long term,  
the writers of this crudware will find another way to do business  
(web? ftp?).

> Yes, false positives and false negatives are always an issue. People
> running several famous block lists for spam and other abuse also made
> mistakes on occasion.

And these people have been flamed senseless. I like to think of it as  
a case of the work the blocklists do is excellent and saves many a  
network from being overrun by spam - however there is always  
collateral damage from things like this. The good far outweighs the  
bad however.

-- 
Steven Haigh

Email: netwiz at crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9017 0597 - 0404 087 474



