list management issue

Gerry Creager N5JXS gerry.creager at tamu.edu
Thu Nov 13 21:43:03 EST 2003


Count to 10.  Don't respond initially with what you wanted to say... 
Okay, I've followed the advice.

<RANT>
Reread the initial portion of my e-mail.  I *DO* keep my system tight. 
The last known compromise was a buffer overflow in apache, exploited 
before it was announced by apache or bugtraq.  And fixed appropriately 
as soon as a patch was available (within hours).  Because of system 
configs and safeguards, no spam emitted from the site.  The one previous 
to that was caused by a buffer overflow exploit in wuftpd.  That 
represents the last time wuftpd ran on one of my systems.  It also 
resulted in forensics running back thru 3 other compromised systems in 
the US, and to 2 originating machines in Germany.  And some detentions 
(I never got final word on arrests/convictions, if any).

I've not had a documented case of an open relay.  I've not been 
appropriately accused of having spam transit any of my systems.  I 
perform periodic security audits.  I no longer run honey-pots and 
tarpits because of an Attorney General's opinion on their legality, but 
I have.

AND YOU ARE GOING TO TELL ME TO TIGHTEN UP MY SYSTEM?
</RANT>


Angel Rivera wrote:
> Gerry Creager N5JXS writes:
> 
>> Can someone *NOT* blackhole anyone?
>> I'm sorry Joel.  This is a hot-button.  I've found myself blackholed 
>> in the past because I was on an ISDN modem, on DSL, from a University, 
>> and once for an open relay... that I didn't run.
>> Getting out of the blackhole list is a PITA, and sometimes unachievable.
>> I've firmly decided that blackhole/blacklisting spammers/potential 
>> spammers/someone I just don't like/etc. isn't the answer.  I've had 
>> considerable success with graylisting, but that's not the problem here.
>> What I guess I'm asking here is for the listadmin to unceremoniously 
>> unsubscribe *@systemsfirm.net for much the same reason you asked for 
>> them to be blackholed.
>> Blacklist/blackhole implementations are, IMO, broken at best, and a 
>> number of the administrators of same I've dealt with are pompous 
>> juveniles who can't interact with a human when they make a mistake.
> 
> 
> Knee-jerk reactions are never good - no matter what side of the RBL 
> question you are on.
> I love RBLs.  They do exactly what they are supposed to do, block abuse 
> of my systems from the incompetent (at best), or deliberately abusive (at 
> worst) without having to add more of a burden to me and my users. Also, 
> I can with a two-line entry control access to all my boxes.
> Don't wanna get RBL'd?  Keep your system tightened down. Someone does not 
> get into RBLs by keeping their system configured correctly.

-- 
Gerry Creager -- gerry.creager at tamu.edu
Network Engineering -- AATLT, Texas A&M University	
Cell: 979.229.5301 Office: 979.458.4020 FAX: 979.847.8578
Page: 979.228.0173
Office: 903A Eller Bldg, TAMU, College Station, TX 77843

_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf