Take a look at: http://www.directadvertiser.com/

It may become the next generation of SPAM. What these people appear to be doing is using Windows Messenger (note, not the same as MSN messenger) [aka, this method uses "net send ..."] to send advertising to people's desktop. The recipient of such a message gets a dialog pop up on their screen.

Nothing amazing in the method - but they have wrapped it up in a simple interface so that anyone can do it.

I think this is going to mainly affect dial up users with no firewall, as it shouldn't work through PAT connections [aka JetStream/Start] or firewalls.

Philip D'Ath, BCMS, MCP, CCNA, CCDA.
http://www.ifm.net.nz/

- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog

Another spam tool,
Darwin may work on OS,
Does not effect Linux

Sorry - was just reading the Haiku thread on /. =)

But it's a good point. This doesn't touch linux. In a perfect world I can imagine this being a reason for users to change. But in reality if having your box crash or be vulnerable every other day wasn't already doing it.....

Dean

On Wed, Aug 21, 2002 at 10:58:45AM +1200, Philip D'Ath wrote:
> Take a look at: http://www.directadvertiser.com/

Ok sorry sorry sorry
The last line has 6 not 5

it could be
Does not harm Linux

or even
Does not harm Unix
so as not to alienate any BSD people

On Wed, Aug 21, 2002 at 11:13:19AM +1200, Dean Pemberton wrote:
> Another spam tool,
> Darwin may work on OS,
> Does not effect Linux

At 11:29 AM +1200 21/8/02, Dean Pemberton wrote:
> Ok sorry sorry sorry
> The last line has 6 not 5
>
> it could be
> Does not harm Linux
>
> or even
> Does not harm Unix
> so as not to alienate any BSD people
>
> On Wed, Aug 21, 2002 at 11:13:19AM +1200, Dean Pemberton wrote:
>> Another spam tool,
>> Darwin may work on OS,
>> Does not effect Linux

"e" is not like "a"
So, effect is not affect.
Grammar flames ungood.

--
Michael Newbery
IP Architect
TelstraClear Limited

Looks like a copy of an open source tool that was around some time ago. Also has bogus domain registration details, and the address on the site is in spammer paradise (Florida).

I believe that the MS NET SEND command relies on NetBIOS over TCP, so having something like this at the borders should make it a non-issue:

access-list 101 deny tcp any any eq 137
access-list 101 deny tcp any any eq 138
access-list 101 deny tcp any any eq 139

Cheers,
Gordon

-----Original Message-----
From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz] On Behalf Of Philip D'Ath
Sent: Wednesday, 21 August 2002 10:59 AM
To: nznog(a)list.waikato.ac.nz
Subject: Next generation of SPAM

> Take a look at: http://www.directadvertiser.com/

<snip>

Gordon Smith wrote:
> Looks like a copy of an open source tool that was around some time ago. Also has bogus domain registration details, and the address on the site is in spammer paradise (Florida).
>
> I believe that the MS NET SEND command relies on NetBIOS over TCP, so having something like this at the borders should make it a non-issue:
>
> access-list 101 deny tcp any any eq 137
> access-list 101 deny tcp any any eq 138
> access-list 101 deny tcp any any eq 139

You might have to add TCP and UDP 445 to that list, for Win2K/XP.

--
Juha

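Added example, not part of any poster's message: a small first-match evaluator for the "any any [eq N]" ACL entries quoted above, used to check which of the ports named in the thread an ACL still passes. It assumes the NetBIOS name and datagram services run over UDP and the session service over TCP (RFC 1001/1002); the `build` helper and the trailing `permit ip any any` entry are constructed for the example.

```python
import re

# Ports named in the thread. Transports for 137-139 follow RFC 1001/1002;
# 445 is checked on both TCP and UDP, as the reply above suggests.
SERVICES = [("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445), ("udp", 445)]
POSTED = [("tcp", 137), ("tcp", 138), ("tcp", 139)]  # deny entries as posted

RULE = re.compile(
    r"access-list\s+\d+\s+(permit|deny)\s+(ip|tcp|udp)\s+any\s+any(?:\s+eq\s+(\d+))?$"
)

def parse_acl(text):
    """Parse the 'any any [eq N]' subset of extended ACL syntax used in the thread."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, port = m.groups()
        rules.append((action, proto, int(port) if port else None))
    return rules

def verdict(rules, proto, port):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for action, r_proto, r_port in rules:
        if r_proto in ("ip", proto) and r_port in (None, port):
            return action
    return "deny"

def exposed(rules):
    """(proto, port) pairs from SERVICES that the ACL still lets through."""
    return [s for s in SERVICES if verdict(rules, *s) == "permit"]

def build(denies, permit_rest=True):
    """Render deny entries as ACL text (constructed helper for this example)."""
    lines = [f"access-list 101 deny {p} any any eq {n}" for p, n in denies]
    if permit_rest:  # constructed: let all other traffic through
        lines.append("access-list 101 permit ip any any")
    return "\n".join(lines)

if __name__ == "__main__":
    plus_445 = POSTED + [("tcp", 445), ("udp", 445)]
    for name, denies in [("as posted", POSTED), ("plus 445", plus_445),
                         ("both transports", POSTED + SERVICES)]:
        print(f"{name}: still passed -> {exposed(parse_acl(build(denies)))}")
    # Without a trailing permit, the implicit deny drops everything else too.
    print("no permit entry, tcp/80 ->", verdict(parse_acl(build(POSTED, False)), "tcp", 80))
```
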
At 11:42 AM +1200 21/8/02, Gordon Smith wrote:
> Looks like a copy of an open source tool that was around some time ago. Also has bogus domain registration details, and the address on the site is in spammer paradise (Florida).
>
> I believe that the MS NET SEND command relies on NetBIOS over TCP, so having something like this at the borders should make it a non-issue:
>
> access-list 101 deny tcp any any eq 137
> access-list 101 deny tcp any any eq 138
> access-list 101 deny tcp any any eq 139

Are you suggesting that the ISP should do this, or the customer?

Personally, I'm reluctant to block ports unless as part of an extra service, else the help desk has to deal with anguished requests as to why application 'x' suddenly stopped working.

--
Michael Newbery
IP Architect
TelstraClear Limited

On Wed, 21 Aug 2002, Michael Newbery wrote:
> Are you suggesting that the ISP should do this, or the customer?

ISPs who don't mind going that extra (no, not Xtra) mile, should advise their customers not to leak NetBIOS to the Internet, as it's a security hazard... in my opinion, for which I'll probably be flamed crisp shortly. ;-)

--
Juha Saarinen

Yep. Flames away :-)

Problem is, more than a few customers have enough trouble switching their PC on, let alone understanding security. Chasing them down and fixing their problems would not be economically viable. (Or conducive to retaining any form of sanity).

The clueful could VPN their insecure protocols...

Cheers,
Gordon Smith CCNA
Network Operations Manager
MoreNet Ltd

-----Original Message-----
From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz] On Behalf Of Juha Saarinen
Sent: Wednesday, 21 August 2002 12:00 PM
To: Michael Newbery
Cc: nznog(a)list.waikato.ac.nz
Subject: RE: Next generation of SPAM

> ISPs who don't mind going that extra (no, not Xtra) mile, should advise their customers not to leak NetBIOS to the Internet, as it's a security hazard... in my opinion, for which I'll probably be flamed crisp shortly. ;-)
>
> --
> Juha Saarinen

Certainly a large part of the Conference was dedicated to DoS and such like. Are any providers giving any thought to offering a firewall service for customers.

Either at the edge, or the Super-Duper Core =)

Dean

On Wed, 21 Aug 2002, Dean Pemberton wrote:
> Certainly a large part of the Conference was dedicated to DoS and such like. Are any providers giving any thought to offering a firewall service for customers.

It's worth considering. On the one hand, I understand that ISPs see themselves as telcos/carriers, with no responsibility for the traffic on the network. OTOH, telcos act on nuisance calls made through their networks.

> Either at the edge, or the Super-Duper Core =)

The one with 99.9995% uptime?

--
Juha Saarinen

We got spammed by Telecom recently with some product they're offering over IPNet and ADSL that allows this (or that was how I interpreted it)...

The difficulty with firewalling anyone is the media their service is delivered on; for Frame/DDS it might be easier but for Jetstream it's not, unless we provide a plug-in-box that gets put in at the client's side.... then you've got the maintenance overhead, etc etc. :P

And what about layer 2? Only certain people can influence that in most cases...

At 12:15 21/08/02 +1200, you wrote:
> Certainly a large part of the Conference was dedicated to DoS and such like. Are any providers giving any thought to offering a firewall service for customers.
>
> Either at the edge, or the Super-Duper Core =)
>
> Dean

All of these situations have solutions. Not all of them are cheap and easy.

Dean

On Wed, 2002-08-21 at 10:27, Mark Foster wrote:
> We got spammed by Telecom recently with some product they're offering over IPNet and ADSL that allows this (or that was how I interpreted it)...
>
> The difficulty with firewalling anyone is the media their service is delivered on; for Frame/DDS it might be easier but for Jetstream it's not, unless we provide a plug-in-box that gets put in at the client's side.... then you've got the maintenance overhead, etc etc. :P
>
> And what about layer 2? Only certain people can influence that in most cases...
>
> At 12:15 21/08/02 +1200, you wrote:
>> Certainly a large part of the Conference was dedicated to DoS and such like. Are any providers giving any thought to offering a firewall service for customers.
>>
>> Either at the edge, or the Super-Duper Core =)
>>
>> Dean

From: "Mark Foster"
> We got spammed by Telecom recently with some product they're offering over IPNet and ADSL that allows this (or that was how I interpreted it)...

http://www.telecom.co.nz/securebusinessinternet

Slowly they are learning about businesses and the Internet :).

> The difficulty with firewalling anyone is the media their service is delivered on; for Frame/DDS it might be easier but for Jetstream it's not, unless we provide a plug-in-box that gets put in at the client's side.... then you've got the maintenance overhead, etc etc. :P

So what's the alternative, no box? They need one so supply it and make money from it.

> And what about layer 2? Only certain people can influence that in most cases...

The "box" we use is a stateful VPN router, L2 tunnel everything to a smart VPN NAS/virtual firewall, move NAT to the back end, it solves a lot of issues like not having L2 from the client and stupid NAT problems with braindead DSL devices.

Cheers
BG.

We are. I'd love to do it in the super-duper core, but I'm pretty sure that it'd be a super-duper price too

Unless of course you're doing super-duper Juniper discounts :-)
-"buy a chassis and we'll throw in some blades"

Cheers,
Gordon Smith CCNA
Network Operations Manager
MoreNet Ltd

> Certainly a large part of the Conference was dedicated to DoS and such like. Are any providers giving any thought to offering a firewall service for customers.
>
> Either at the edge, or the Super-Duper Core =)
>
> Dean

On Wed, 21 Aug 2002, Juha Saarinen wrote:
> ISPs who don't mind going that extra (no, not Xtra) mile, should advise their customers not to leak NetBIOS to the Internet, as it's a security hazard...

Or not, perhaps. I can see that conversation:

HELPDESK: "Hi there, this is your ISP, you should stop leaking netbios to the internet, it's easy to block..."
CUSTOMER: [mumbles something about automatic computer cupholders]
HELPDESK: "...I'll give you a list of TCP ports now.."
CUSTOMER: "Is this about The Interweb?"
HELPDESK: "..start with ports 137, 138..."
CUSTOMER: "I installed Bonzai Buddy! He's _purple_!"
HELPDESK: "..1 3 ...9 ... ah, forget it." [Click]

Multiply this by however many thousand customers you have, and feeeeeel the pain.

JSR

--
John S Russell | Big Geek | Fun will now commence.
"The enemy of my enemy is still my enemy." - Drago Museveni C.Y. 8427

On Wed, 21 Aug 2002, J S Russell wrote:
> Or not, perhaps. I can see that conversation:
>
> HELPDESK: "Hi there, this is your ISP, you should stop leaking netbios to the internet, it's easy to block..."
> CUSTOMER: [mumbles something about automatic computer cupholders]
> HELPDESK: "...I'll give you a list of TCP ports now.."
> CUSTOMER: "Is this about The Interweb?"
> HELPDESK: "..start with ports 137, 138..."
> CUSTOMER: "I installed Bonzai Buddy! He's _purple_!"
> HELPDESK: "..1 3 ...9 ... ah, forget it." [Click]
>
> Multiply this by however many thousand customers you have, and feeeeeel the pain.

Very true, but... you're forgetting about this conversation:

CUSTOMER: "I AM BEING HACKED! ZoneFireProtector says someone's attacking me with NetBIOS!!! You must help me!!!"
HELPDESK: "It's nothing to worry about, probably just broadcast traffic."
CUSTOMER: "Oh my goaaaaaaaaaaddddd! What are they broadcasting? My credit card information? Why aren't you doing anything? What the hell is wrong with you???"
HELPDESK: "Have you tried installing Bonzai Buddy? He's *purple*!"

--
Juha Saarinen

participants (9)
- Brian Gibbons
- Dean Pemberton
- Gordon Smith
- J S Russell
- Jeremy Brooking
- Juha Saarinen
- Mark Foster
- Michael Newbery
- Philip D'Ath