list managemnt issue
Gerry Creager N5JXS
gerry.creager at tamu.edu
Thu Nov 13 21:43:03 EST 2003
Count to 10. Don't respond initially with what you wanted to say...
Okay, I've followed the advice.
Reread the initial portion of my e-mail. I *DO* keep my system tight.
The last known compromise was a buffer overflow in apache, exploited
before it was announced by apache or bugtraq. And fixed appropriately
as soon as a patch was available (within hours). Because of system
configs and safeguards, no spam emitted from the site. The one previous
to that was caused by a buffer overflow exploit in wuftpd. That
represents the last time wuftpd ran on one of my systems. It also
resulted in forensics running back thru 3 other compromised systems in
the US, and to 2 originating machines in Germany. And some detentions
(I never got final word on arrests/convictions, if any).
I've not had a documented case of an open relay. I've not been
appropriately accused of having spam transit any of my systems. I
perform periodic security audits. I no longer run honey-pots and
tarpits because of an Attorney General's opinion on their legality, but
AND YOU ARE GOING TO TELL ME TO TIGHTEN UP MY SYSTEM?
Angel Rivera wrote:
> Gerry Creager N5JXS writes:
>> Can someone *NOT* blackhole anyone?
>> I'm sorry Joel. This is a hot-button. I've found myself blackholed
>> in the past because I was on an ISDN modem, on DSL, from a University,
>> and once for an open relay... that I didn't run.
>> Getting out of the blackhole list is a PITA, and sometimes unachievable.
>> I've firmly decided that blackhole/blacklisting spammers/potential
>> spammers/someone I just don't like/etc. isn't the answer. I've had
>> considerable success with graylisting, but that's not the problem here.
>> What I guess I'm asking here is for the listadmin to unceremoniously
>> unsubscribe *@systemsfirm.net for much the same reason you asked for
>> them to be blackholed.
>> Blacklist/blackhole implementations are, IMO, broken at best, and a
>> number of the administrators of same I've dealt with are pompous
>> juveniles who can't interact with a human when they make a mistake.
> Knee jerk reactions are never good-no matter what side of the RBL
> question you are on.
> I love RBLs. They do exactly what they are supposed to do, block abuse
> of my systems from the incompetent (at best), or deliberate abusive (at
> worse) without having to add more of a burden to my and my users. Also,
> I can with a two line entry control access to all my boxes.
> Don't wanna get RBL'd? Keep your system tighened down. Someone does not
> get into RBLs by keeping their system configured correctly.
Gerry Creager -- gerry.creager at tamu.edu
Network Engineering -- AATLT, Texas A&M University
Cell: 979.229.5301 Office: 979.458.4020 FAX: 979.847.8578
Office: 903A Eller Bldg, TAMU, College Station, TX 77843
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
More information about the Beowulf