- NZNOG - lists.nznog.org

New Team Cymru IP2ASN whois server
by Rob Thomas 25 Sep '03

25 Sep '03

Fellow networkers, Team Cymru is happy to announce the availability of a public whois server dedicated to mapping IP numbers to ASNs, located at whois.cymru.com. You can find the link to this tool at: http://www.cymru.com/BGP/whois.html This link has been added to our main BGP data page available at: http://www.cymru.com/BGP/index.html We have also extended the functionality of this daemon to support BULK IP submissions for those who wish to further optimize their queries with netcat. Following is a quick overview of how to use it: $ whois -h whois.cymru.com <IP> Where <IP> is replaced by the IP you'd like to map, like so: $ whois -h whois.cymru.com 4.2.2.1 ASN | IP | Name 3356 | 4.2.2.1 | LEVEL3 Level 3 Communications You can also include port information, and/or timestamps in your queries. Be sure to include quotes around your queries, or the daemon will interpret your request as multiple lines: $ whois -h whois.cymru.com "4.2.2.1 -0600 GMT" ASN | IP | Info | Name 3356 | 4.2.2.1 | -0600 GMT | LEVEL3 Level 3 Communications For instructions on how to submit BULK queries via netcat, simply issue the following command: $ whois -h whois.cymru.com help We hope you find this tool useful. Stay tuned for more features! If you have any comments or suggestions as to how we might improve this service, feel free to let us know! Thanks, Rob, for Team Cymru. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty);

1 0

Re: [nznog] MS viruses
by Ewen McNeill 25 Sep '03

25 Sep '03

In message <006c01c383e5$51ffe4a0$6403c80a(a)uranus.clear.co.nz>, "Barry Murphy" writes: >Hmm, I just had one of the MS update viruses slip through, how many >variants of this are there? 1Kb file ;/ I've seen several copies of Swen which have come through in "neutered" form, with the executable atachment either completely missing, or the MIME headers there for it but no encoded body, or a very short encoded body. (The only reason they're getting through is because of that: I'm filtering on the executable's MIME encoding, amongst other things.) As far as I can tell they're not varients so much as the email having been through some sort of (transparent?) email filter which stripped off the executable attachement. One of my clients had a bit of a panic over one of those "neutered" versions getting in (with a 78 byte attachement instead of the executable), but it all turned out to be harmless. That said, they were planning on adding more filter rules, just to avoid confused users (and the resulting flood of calls into the helpdesk). Of course I suspect there'll be a few more copycats before the year is out. Ewen

1 0

MS viruses
by Barry Murphy 25 Sep '03

25 Sep '03

Hmm, I just had one of the MS update viruses slip through, how many variants of this are there? 1Kb file ;/ Barry

3 3

19" Server Rack in Auckland area?
by Dan Clark 25 Sep '03

25 Sep '03

Hi Guys, Does anyone have a spare 2nd hand 19" server rack in the Auckland area (or there abouts). Please contact me off list. Kind Regards, Dan Clark Network Manager Scarfies.Net Ltd Wickliffe Ltd

1 0

Re: [nznog] IP / domain blocking for SPAM prevention
by david＠farrar.com 25 Sep '03

25 Sep '03

> On Fri, 2003-09-26 at 14:00, david(a)farrar.com wrote: > > > Oh I agree they do - but at the scale of the ISPs with > > 10 million+ customers or products that are in wide use. > > I can't see a spammer adjusting anything just because > > they read on a website that Ihug with 80,000 customers > > uses Spam Assassin. > > The key phrase there is "I can't see", it doesn't matter > what you can't see, it matters what the people (the ISP > industry) see, if they aren't comfortable giving out the > measures they take then any central page where people can > easily see what people are using will be useless. Well I don't think I have suggested it is going to be compulsory or anything. In fact it is only one of hundreds of possible aspects of an overall anti spam campaign. Of course it is up to ISPs to list whatever details they want. If no-one lists anything then we just have a very short page. I would suggest that more and more consumers will pick an ISP on the basis of services like spam filtering. I have helped several people swap ISPs from those who do not have anti spam technology to those who do. Ihug's spam assassin (free plug) has been a huge benefit to me and it's the best $2.50/mth I spend. Anyway enough bandwidth wasted on this. My last post on the topic. DPF

1 0

Re: [nznog] IP / domain blocking for SPAM prevention
by david＠farrar.com 25 Sep '03

25 Sep '03

Quite the opposite. It is because they are in wide use spammers will try and get past them. But the NZ market is so miniscule that a list of what NZ ISP uses what is going to have IMO zero effect on what products spammers try to work around. I have never said that spammers do not try to get around anti spam filters. I have just said that publicising what anti spam filter a NZ ISP uses, is not going to affect the behaviour of the spammer (Unless they were for some reason targetting that ISP as a revenge thing). DPF > Hi David, > > So are you saying that in your estimation, products like > spam assassin are not in wide use? > > jamie > > >>> <david(a)farrar.com> 26/9/2003 2:00:38 PM >>> > > david(a)farrar.com wrote: > > > > > I actually think it is highly unlikely that with the > > > way spammers work they would try to tailor spam > > > individually for each ISP to get past what they think > > > are its filters. We are not big enough for that. > > > They just throw out 100 million of them and hope say > > > 10 million of them get through and are not too worried > > > if it is 10.0 million or 10.05 million. > > > > Spammers do try to get past filtering, and use different > > methods for AOL, Hotmail, etc. Some try to poison > > auto-learning filters as well. > > Oh I agree they do - but at the scale of the ISPs with 10 > million+ customers or products that are in wide use. I > can't see a spammer adjusting anything just because they > read on a website that Ihug with 80,000 customers uses > Spam Assassin. > > DPF > _______________________________________________ > NZNOG mailing list > NZNOG(a)list.waikato.ac.nz > http://list.waikato.ac.nz/mailman/listinfo/nznog > >

1 0

Re: [nznog] IP / domain blocking for SPAM prevention
by david＠farrar.com 25 Sep '03

25 Sep '03

> david(a)farrar.com wrote: > > > Oh I agree they do - but at the scale of the ISPs with > > 10 million+ customers or products that are in wide use. > > I can't see a spammer adjusting anything just because > > they read on a website that Ihug with 80,000 customers > > uses Spam Assassin. > > And yes, spammers do try to get past Spam Assassin as > well. This is probably getting to the point of off topic, but I never said they didn't. But they try to get past spam assassin because it is a widely used spam filter, not because they are going to go a NZ website, read that hey Black Albatross use Spam Assassin, so hey I'd better try and get around it. DPF

1 0

Re: [nznog] IP / domain blocking for SPAM prevention
by david＠farrar.com 25 Sep '03

25 Sep '03

> david(a)farrar.com wrote: > > > I actually think it is highly unlikely that with the way > > spammers work they would try to tailor spam individually > > for each ISP to get past what they think are its > > filters. We are not big enough for that. They just > > throw out 100 million of them and hope say 10 million of > > them get through and are not too worried if it is 10.0 > > million or 10.05 million. > > Spammers do try to get past filtering, and use different > methods for AOL, Hotmail, etc. Some try to poison > auto-learning filters as well. Oh I agree they do - but at the scale of the ISPs with 10 million+ customers or products that are in wide use. I can't see a spammer adjusting anything just because they read on a website that Ihug with 80,000 customers uses Spam Assassin. DPF

3 2

Re: [nznog] IP / domain blocking for SPAM prevention
by Jamie Baddeley 25 Sep '03

25 Sep '03

Hi David, So are you saying that in your estimation, products like spam assassin are not in wide use? jamie >>> <david(a)farrar.com> 26/9/2003 2:00:38 PM >>> > david(a)farrar.com wrote: > > > I actually think it is highly unlikely that with the way > > spammers work they would try to tailor spam individually > > for each ISP to get past what they think are its > > filters. We are not big enough for that. They just > > throw out 100 million of them and hope say 10 million of > > them get through and are not too worried if it is 10.0 > > million or 10.05 million. > > Spammers do try to get past filtering, and use different > methods for AOL, Hotmail, etc. Some try to poison > auto-learning filters as well. Oh I agree they do - but at the scale of the ISPs with 10 million+ customers or products that are in wide use. I can't see a spammer adjusting anything just because they read on a website that Ihug with 80,000 customers uses Spam Assassin. DPF _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

1 0

Re: [nznog] IP / domain blocking for SPAM prevention
by david＠farrar.com 25 Sep '03

25 Sep '03

> On Fri, 2003-09-26 at 12:19, david(a)farrar.com wrote: > > > Probably an appropriate time for me to mention that one > > of the activities that the InternetNZ Spam Taskforce is > > looking at is an easy to access website where ISPs and > > others can list what spam technologies they use and have > > available (both at server level and for clients to use). > > So the spammers can see what systems that have to beat to > get their crap through, no thanks. > > I'd happily list on a page that said "These guys do > spam/anti virus filtering" so long as I didn't have to say > in detail what we did. People can give as much detail as they want. I would agree you would not want to list for example the exact filters in place (however noting that at http://www.mirror.ac.uk/sites/spamassassin.taint.org/spamassassin.org/tests… they do list the exact filters and SA works pretty damn well IMO), but detail such as "Use Brightmail", "Use Bayesian Filtering", "Use Spews blacklist" may be useful for consumer choice. Other details I would see as useful if whether the ISP actually filters or just labels so users can filter on the labels. Is the spam filter compulsory or opt-in. Does it cost extra. If they filter is there a spam recovery folder you can check for false positives etc. I actually think it is highly unlikely that with the way spammers work they would try to tailor spam individually for each ISP to get past what they think are its filters. We are not big enough for that. They just throw out 100 million of them and hope say 10 million of them get through and are not too worried if it is 10.0 million or 10.05 million. DPF

2 1