Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » MCI Boots Send-Safe » Public pressure works against prominent companies
Uniqs:
338		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
« So what's this got to do with Vint Cerf?  

TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast

1 edit

Public pressure works against prominent companies

Public pressure often works against prominent companies. Secondary income sources that are kind of sleazy can often be squashed because a company like MCI fears losing their more lucrative primary business.

My Web Page
My Blog
Join Red Room Forum
permalink · 2005-03-01 09:15:11 · Reply to this

RR Conductor
RailRoadDude
Premium
join:2002-04-02
Redwood Valley, CA

Re: Public pressure works against prominent companies

Sometimes.
permalink · 2005-03-01 09:15:57 · Reply to this

Karl Bode
News Guy
join:2000-03-02		 Only when it's blatantly obvious to even the dimmest that what they're doing is wrong.
permalink · 2005-03-01 09:16:55 · Reply to this

ronpin
Imagine Reality

join:2002-12-06
Nirvana

2 edits

Re: Public pressure works against prominent compan


Meet my new Board of Directors, capishe?
Spam? -- I dun see no spam here eh Tony?
:>
permalink · 2005-03-01 09:21:15 · Print · Reply to this

Mr Pilkington



 Again, allow me to point out that the "zombie networks" would be completely ineffective if a DNS server refused all local MX record requests except from its own mail servers. Regular users have no need for MX lookups except for serving spam.

MX requests from "the world" would be answered only for domains for which the server is authoritative. The only machines that could request any MX record would be those IPs listed in a conf file -- like your mail and web servers for example.

Think about it - it's much less restricting and inconvienent than a blanket filter on port 25.
permalink · 2005-03-01 11:22:15 · Print · Reply to this
Matchstick

join:2001-09-08
UK

Re: Public pressure works against prominent compan

Errrm I'm no DNS expert but AIUI, if a SMTP server asks a DNS server for an MX record for which it is non-authoritative, the only way for the DNS server to find the MX record is to request it from a DNS server which *is* authoritative for the domain.

So if this is correct, you HAVE to continue to allow DNS requests for MX records from outside a small ACL of IPs.

And then how can the authoritative DNS server easily tell the difference between a legitimate request from a non-authoritative DNS server and a request direct from a zombied PC ?
permalink · 2005-03-01 11:43:34 · Print · Reply to this

pcscdma
Chocobo Chocobo Random Battle
Premium
join:2004-01-14
Winterset, IA
clubs:

 I thought that MX records were for telling SMTP servers where to send the mail.

I'll send a mail to someone at dslreports.com using my ISP
My email client is configured to send stuff to mail.mchsi.com
My email client looks up mail.mchsi.com using my ISP's DNS lookup servers 204.127.202.4 or 216.148.227.68
It either finds it in the cache or tells me to go the dns server for that domain or does it itself (confused on how this part works)
My email client connects to 204.127.203.151 and sends the message
mail.mchsi.com (204.127.203.151) sees that I'm sending something to dslreports.com
mail.mchsi.com (204.127.203.151) looks up the DNS server of dslreports.com or finds it in cache using it's DNS server (probably the same as mine)
It looks to see if there is an MX record and if it finds one it uses it and looks up the IP address of them using DNS because the addresses are URLs
It tries the lowest priority number and goes up until it connects to one
If it doesn't find an MX record it just uses the web server (209.123.109.175)
It connects using one of the methods above and sends it on it's way

This is at least how I understand it.
--
"The bad news is that we are told that Michael Powell, one of Washington's better bureaucrats, is calling it quits today after four years at the helm of the Federal Communications Commission." - WSJ 2005/01/21
permalink · 2005-03-01 13:05:37 · Print · Reply to this

pog
Premium
join:2004-06-03
Kihei, HI
·Hawaiian Telcom

 a) compiling and maintaining the required whitelist is not some trivial task. I'd think it's cumbersome/tedious/problematic enough that that alone would deter anyone from going for it.

b) what about the case where an ISP's caching DNS server is used by more than one class of user (ie residential, business users, their own mail servers, etc). How will you decide which request you will honor and which you won't? Perhaps you're thinking to force each mail server into running their own local DNS?

c) this doesn't seem much different than existing firewalling/blocklisting except that your protection is indirect... it wouldn't take much for an attacker to learn the IP address of the intended victim and then feed it manually to the zombies and then... what? The path is clear?

So... no... your approach would be far more ineffective, restrictive and inconvenient than an outbound/off-net block of port 25 traffic which does a better job of destroying a zombie's SMTP abilities. Of course, we don't need to rehash the pros/cons of port 25 blocking here... that's another topic altogether.

Perhaps, the following should be required reading
»www.rhyolite.com/anti-spam/you-might-be.html
permalink · 2005-03-01 15:51:36 · Print · Reply to this
robscullion
Premium
join:2001-12-07
Philadelphia, PA
·Speakeasy

Re: Public pressure works against prominent compan

That rhyolite link is great! I agree...it should definitely be required reading.

I'd say lurking in NANAE (»groups-beta.google.com/group/new···se.email) for a month should be considered required as well, but that'd fall into the category of "cruel and unusual punishment".
permalink · 2005-03-02 12:17:41 · Reply to this

Mr Pilkington

@ip.alltel

 Ha ha ha - I don't think it's even near the final solution against spam. I do think it's one that hasn't been tried yet.

Matchstick - You *do* allow your mail server to look up outside MXs. You just don't allow any other IP range(s) to do the same. And, your DNS server would allow anyone to request its own records. For example, if you are bob.com, anyone can pull the bob.com MX records. However, if a bob.com user's IP wants joe.com's MX address, the request is denied. If bob.com's email server wants joe.com's MX, it's allowed.

pcscdma - Your description is correct. However, the spambots do that entire process on your machine; they're their own mail server. That's why they shouldn't have access to MX records in the first place.

pog - There would be no true "whitelist" to manage and actually not much "management" at all. Simply block MX records from all except a few subnets or IP ranges.

I don't think anyone is thinking far enough into it before instantly deeming it useless. You're not blocking *your* MX records from ouside sources. You're preventing your users' PCs from obtaining ouside MX's and hoping others will do the same in return.
permalink · 2005-03-02 01:24:25 · Print · Reply to this

pcscdma
Chocobo Chocobo Random Battle
Premium
join:2004-01-14
Winterset, IA
clubs:

Re: Public pressure works against prominent compan

said by Mr Pilkington:

... and hoping others will do the same in return.
That's the hard part.

permalink · 2005-03-02 10:57:51 · Reply to this
robscullion
Premium
join:2001-12-07
Philadelphia, PA
·Speakeasy

 Just for the sake of argument, I think you'd have to also block any direct outbound DNS queries from the zombies (client PCs) to outside DNS servers in order to make this at all feasible. Otherwise, the zombies could just skip the local DNS server and do an end-run around the whole system by querying the remote DNS servers directly.

But isn't the point here that the referenced spam software is sending via the zombie ISP's SMTP server? In that case, there's no MX DNS query involved. I don't even see how you can really differentiate the zombie software from the legitimate user. The zombie just sends to the ISPs SMTP server and that server takes care of all the forwarding for it.

Maybe if all ISPs forced authentication for sending even from within their own network it would put a dent in Send Safe type systems. Does this Send Safe stuff steal auth info from the user's local legit email software? If so, I guess that'd be a dead end as well. Otherwise, going to a system that requires authentication over a secure channel for sending email might at least curb the effectiveness of this particular method.
permalink · 2005-03-02 12:02:17 · Print · Reply to this
Forums » MCI Boots Send-Safe« So what's this got to do with Vint Cerf?  

Thursday, 10-Dec 12:19:00 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [200] Sprint Sued For Distracted Driving Death
· [127] AT&T Launching New 24 Mbps U-Verse Tier
· [82] 3G Network Test Says AT&T Is Tops
· [73] AT&T Hints At Usage-Based iPhone Data Pricing
· [72] Mediacom Unveils 105 Mbps Pricing
· [67] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [66] Sprint Poised For A Turnaround?
· [51] The Future Of Wi-Fi Is Bright
· [47] Site Leaks Yahoo, Verizon Fed Data Share Pricing
· [45] Microwaving Your Innards Is Not 'Extreme'
Most people now reading
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· Cross Server Dungeon Experience [World of Warcraft]
· New Mediacom Email [Mediacom]
· 60GB would only last us two days! [TekSavvy]
· Battered Hilt Delimma [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· malware has been found hidden inside an Ubuntu screensaver [Security]
· Comcast refused to install 400' feet. [Comcast HSI]
· UBB round 2 at the CRTC [Canadian Broadband]
· Icecrown 5-man strats [World of Warcraft]