|
|
| Author |
Message |
drew
|
|
response 59 of 251:
|
Jan 10 18:20 UTC 2003 |
I am getting spam bounces, a couple of samples of which I've saved in
/a/d/r/drew/spambounce. Apparently someone is putting my login in the
"Return mail to:" line of their spam.
|
glenda
|
|
response 60 of 251:
|
Jan 10 18:36 UTC 2003 |
I am getting a bunch of them as well. Mine are all home mortgage and
refinancing type spams being bounced. Steve says it sounds like someone has
Klez and it picked my address out of their address book to attach to the from.
|
mdw
|
|
response 61 of 251:
|
Jan 10 18:42 UTC 2003 |
Damn. *Please* save them all. If you get a bunch, please send mail to
"abuse@cyberspace.org". I know of 8 other IDs with the same problem.
In 6 of the 8 cases, the users ended up abandoning the accounts which
had then gotten reaped. In the other 2, the mailbox had filled up. In
some of those cases, I saw bounces as often as once every 10
seconds. (I'm not looking forward to this. Yuck.)
I've already suggested to the board that we may need to consider pursuing
legal or other action against this - this isn't just ordinary spam, this
is spam that could easily wipe our network connection out without
blinking, and without the real spammers even noticing or caring. I mean
to enter an item in coop talking about this (& perhaps one in garage to
deal with the inevitable "why can't we solve this technically" (which we
can't because we don't get involved until the bounce at which point
there's no way for us to duck the network/CPU hit.)) I haven't had time
to do this yet - got involved in dealing with another unrelated problem.
|
other
|
|
response 62 of 251:
|
Jan 10 19:04 UTC 2003 |
I have contacted the state AG about filing a complaint against the
perpetrators of the more extreme of these cases for Denial of Service
attacks.
I will post the relevant information in the item Marcus enters.
|
albaugh
|
|
response 63 of 251:
|
Jan 11 00:06 UTC 2003 |
Sorry for the drift, but can someone explain to me what seems to be the idiocy
of using someone else's From: address on SPAM? For the minute percentage of
recipients that might actually be interested in finding out more about
whatever product / service is being hawked in the SPAM, how are they supposed
to get that info with a bogus From: address?
|
gelinas
|
|
response 64 of 251:
|
Jan 11 00:16 UTC 2003 |
Spammers don't want a *reply* to their messages, they want you to *buy*
something, which is available elsewhere. Further, they especially don't
want to deal with rejection notices and complaints. So directing that kind
of stuff to the great bit bucket in the sky, or to someone else's mailbox
(which, to the spammer, is the same thing) makes perfect sense.
|
albaugh
|
|
response 65 of 251:
|
Jan 11 00:25 UTC 2003 |
Then why don't they just select a bogus address? Why "pick on" an actual
someone, or is being a *total* asshole a perk of spamming?
|
russ
|
|
response 66 of 251:
|
Jan 11 00:30 UTC 2003 |
Faking the originating address so that "bounces" go to the
intended spam recipient is another nasty (but old) spammer trick.
|
gelinas
|
|
response 67 of 251:
|
Jan 11 00:57 UTC 2003 |
It's getting to the point that there are *no* bogus addresses.
|
mdw
|
|
response 68 of 251:
|
Jan 11 06:24 UTC 2003 |
They probably *are* selecting what they think of as a "bogus" address.
Unfortunately, since most mailers check for a real domain on return
addresses, spammers have to pick a "real" sounding domain, with "real"
looking names, in order to get their spam delivered. We just so happen
to have the bad luck to be "in the way". I believe spammers are
"*total* assholes" by definition.
|
malymi
|
|
response 69 of 251:
|
Jan 11 10:32 UTC 2003 |
re #5: why would grex get rid of telnet? (it would be foolish to do
so.) the ssh configuration isn't such that it can do the whole login
thing, i.e., it wasn't patched to handle expiry so you had to use telnet
which used login which does the right thing.
|
mdw
|
|
response 70 of 251:
|
Jan 11 11:24 UTC 2003 |
Presumably if we got rid of telnet, everybody would already be using ssh
and there would be universal agreement that it was time to get rid of
the insecure protocol with plaintext passwords sent in the clear.
At least in terms of use, we could probably justify getting rid of
rlogin today - we actually do still support it (but not .rhosts
authentication) and I think it even implements waiting on the waitlist
which beats sshd, but of course there is no real advantage over using
telnet and not very many people at all use it today.
|
keesan
|
|
response 71 of 251:
|
Jan 11 14:30 UTC 2003 |
I use telnet every time that I don't dial in. Kermit or CUTCP or even Windows
telnet programs. I would have no idea how to use ssh and probably don't have
any DOS versions of it.
|
gelinas
|
|
response 72 of 251:
|
Jan 11 15:08 UTC 2003 |
I think the final clause of #70, "but of course there is no real advantage
over using telnet and not very many people at all use it today," referred
to rlogin. We _know_ lots of people are still using telnet; we won't turn
off telnet any time soon. (And I'd like to see us go to kerberised telnet
instead of turning it off, when we do switch.)
|
keesan
|
|
response 73 of 251:
|
Jan 11 15:30 UTC 2003 |
What is rlogin?
I received the following bounced mail report today for mail that I apparently
sent Friday morning from a Czech free webmail site. Grex is rejecting
some incoming mail.
From: [14]postmaster@email.cz
To: keesan@email.cz
Subject: Cannot deliver (nelze dorucit)
Date: 10.01.2003 08:45:12
[See full header below with time zone info.]
Vasi zpravu nebylo mozne dorucit nasledujicim prijemcum:
I can't deliver Your message to:
[20]keesan@grex.org
Duvod (reason): Nelze se spojit se serverem
[Cannot connect with server]
ATTACHMENTS:
[21] zprava [message] 5.82 kB
----------
[The full header: message was rejected Friday Jan 10 8:44 am +0100 (CET)
(Central European time - about 7 hours later than here)]
Received: from 10.0.0.1 [10.0.0.1] by smtp.email.cz
(ATCO SMTP server v3.0); Fri, 10 Jan 2003 08:45:05 +0100
X-atco-email: [1]postmaster@email.cz
MIME-Version: 1.0
Message-Id: <3E1E79F4.000001.11368@file1>
Content-Type: Multipart/Mixed;
boundary="------------Boundary-00=_SUMH40MWKGMMYJ0CCJD0"
To: [2]keesan@email.cz
From: [3]postmaster@email.cz
Subject: Cannot deliver (nelze dorucit)
Date: Fri, 10 Jan 2003 08:44:52 +0100 (CET)
[Should I be deleting all of these lines except the date/time line when
making these reports or is any of the other info pertinent?]
|
naftee
|
|
response 74 of 251:
|
Jan 11 18:17 UTC 2003 |
RE:71 You are wrong. I use SSH for DOS, and I believe there is an SSH
implementation for Windows 3.1 as well.
|
tonster
|
|
response 75 of 251:
|
Jan 11 20:51 UTC 2003 |
ssh was compiled for dos/windows in cygwin. It's not difficult to
obtain. Eventually, telnet will go away everywhere. Most places are
getting rid of it because of what was said above, it's insecure.
Passwords are sent as plaintext. Making it kerberized won't fix that.
I'm not saying it'll go away anytime soon. But eventually, you can bet
it'll go away.
|
remmers
|
|
response 76 of 251:
|
Jan 11 22:01 UTC 2003 |
Within the last year I've used a DOS version of ssh. Don't recall
where I got it.
|
tonster
|
|
response 77 of 251:
|
Jan 11 23:54 UTC 2003 |
it was very likely a cygwin build.
|
keesan
|
|
response 78 of 251:
|
Jan 12 00:24 UTC 2003 |
The 'cannot deliver' was for a mail sent to keesan@grex.org Friday - I seem
to have deleted that info. Are other people not receiving mail sent to them
at grex on Friday?
|
gelinas
|
|
response 79 of 251:
|
Jan 12 01:19 UTC 2003 |
(Kerberised telnet *does* fix the "password is sent in plaintext" problem:
the telnet connection is encrypted end to end, before the "login" prompt
is sent, usually. The password _may_ have to be decrypted at the other
end, just as it is in ssh, but that's a local configuration issue: with
ticket forwarding, the password isn't needed at the far end.)
|
gull
|
|
response 80 of 251:
|
Jan 12 03:44 UTC 2003 |
Before we could turn off telnet we'd have to fix the password expiry problem
(doesn't work with ssh -- you simply can't log in) and either eliminate the
queue or make it work with ssh. Making ssh set the MAIL variable correctly
would be nice, too.
|
mvpel
|
|
response 81 of 251:
|
Jan 13 06:51 UTC 2003 |
When is an upgrade of SSH from the insecure protocol of version 1 to version
2 planned? Also, I get this from my OpenSSH:
caladan$ ssh -1 grex.cyberspace.org
Warning: Server lies about size of server public key: actual size is 767 bits
vs. announced 768.
Warning: This may be due to an old implementation of ssh.
|
fitz
|
|
response 82 of 251:
|
Jan 13 10:29 UTC 2003 |
Is this a problem? My session on the agora ended with this message. The
interrupt command didn't work.
________________________________________
#3 of 14: by The Accidental Purist (other) on Thu, Jan 9, 2003 (18:46):
He's translating for his friends, the literacy-impaired.
#4 of 14: by S M (mynxcat) on Thu, Jan 9, 2003 (18:59):
aaah. That makes sense
Press Spacebar for more, q to quitshTerminated
: 2726 Terminated
>
>
|
naftee
|
|
response 83 of 251:
|
Jan 13 15:21 UTC 2003 |
RE:76 You can use SSHDOS for DOS, of sourceforge.net
|