swinog May 2005

swinog@lists.swinog.ch

39 participants
23 discussions

Statement to the blacklist/sober.q problem at PWlan (Wireless Service)

by Martin Blapp

Diese Stellungsnahme habe ich sooeben von der Swisscom erhalten. Generell stellt sich die Frage was ein öffentlicher Wireless Service tun kann um dieses Problem zu lösen und wie man mit über Wireless versendete E-Mails behandelt so dass 'false-positives' vermieden werden können. Irgendwelche Ideen wie man das Problem angehen könnte ? ------------------------------------------------------------------------------- I've just received this statement to the swisscom pwlan blacklist problem which I've reported earlier to this list. AFAIK there is no easy solution to this problem and to avoid false positives in the spam-scanning prozess. Any creative ideas how to solve this ? ------------------------------------------------------------------------------- >Sie haben uns auf ein Problem aufmerksam gemacht, das wohl im Zusammenhang >mit dem Sober-Virus steht, von dem u.a. auch unsere PWLAN Kunden betroffen >sind. Besten Dank für Ihre Störungsmeldung und die uns zur Verfügung gestellten >detaillierten Unterlagen zu diesem Vorfall. > >Leider müssen wir Ihnen mitteilen, dass die gemachten Abklärungen bei unseren >Spezialisten vom PWLAN Netzbetrieb und Entwicklung ergeben haben, dass wir im >Moment keine Möglichkeit sehen, das von Ihnen gemeldete Problem zu beheben, >da wir die Verursacher der Spam-Mails nicht eruieren und herausfiltern können. > >In der Zwischenzeit haben wir unsere Supportorganisationen sowie die >Security-Abteilung über den Vorfall informiert (siehe Anhang). > >Wir bedauern sehr, dass Sie und Ihre Kunden von diesem Problem betroffen sind >und dadurch grosse Unannehmlichkeiten entstehen und bitten Sie um Verständnis. >Nochmals besten Dank für Ihre Unterstützung. >Probleme bei Mailversand über PWLAN im Zusammenhang mit Sober-Virus > >Ausgangslage: > >Wenn unsere Kunden den PWLAN-Service nutzen, wird für den Internetzugang eine >öffentliche IP-Adresse aus dem Bereich XXX.XXX.XXX.XXX - XXX.XXX.XXX.XXX >benutzt. Kunden haben uns mitgeteilt, dass diese IP-Adressen zur Zeit von >mehreren Firewall Blacklists ausserhalb von Swisscom, insbesondere bei >Mailprovidern, blockiert werden. > >Ursache: > >Wir vermuten, dass PCs, die mit dem Sober Virus verseucht sind, via >PWLAN-Service ungewollt Spam-Mails mit einer Absender-Adresse von PWLAN >versendet haben. >Als Folge davon wurden obige IP-Adressen im Firewall bzw. Spam-Filter gewisser >Mail-Provider automatisch vorübergehend gesperrt. Es ist für die Kunden eines >betroffenen Providers nicht mehr möglich, Mails via PWLAN zu verschicken. Es >können eventuell Mails verloren gehen und unter Umständen merkt der Kunde >nicht, dass seine Mails nicht abgeschickt wurden! > >Situation bei PWLAN von Swisscom: >Swisscom Mobile betreibt den Service PWLAN als Internet Service Provider ohne >Content Filterung, das heisst, wir wissen nicht, welche Kunden Spam-Mails >aussenden. Wir haben weder in den Hotspots noch im Data Center die Möglichkeit, >bestimmte PWLAN-Kunden abzufangen und zu identifizieren. > >Massnahmen: > >Leider sehen wir im Moment keine Möglichkeit, das aufgetauchte Problem zu lösen. >Die Spam Filter werden die betroffenen IP-Adressen nach unbestimmter Zeit wieder >freigeben. >Die Kunden sind darauf hinzuweisen, dass sie unbedingt ihre Antiviren-Software >aktualisieren sollen, damit sie nicht von diesem Virus betroffen werden und in >unserem Netz nicht weiterhin Spam-Mails verbreitet werden. Martin Blapp, <mb(a)imp.ch> <mbr(a)FreeBSD.org> ------------------------------------------------------------------ ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH Phone: +41 61 826 93 00 Fax: +41 61 826 93 01 PGP: <finger -l mbr(a)freebsd.org> PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E ------------------------------------------------------------------

18 years

Locking for a old SonicWall to buy

by Marcel Stutz

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I search one of this Sonicwall to buy, if somewehre have one and like to sell it please contact me Offlist. * SonicWall Pro 19" Version * SonicWall Pro 100 19" Version * SonicWall Pro 200 19" Version * SonicWall Pro 300 19" Version Mit freundlichen Grüssen Marcel Stutz Netzwerk & Unix Administrator - ------------------------------------------------------------------ | Genotec Internet Consulting AG | E-Mail : marcel.stutz(a)genotec.ch Hegenheimermattweg 119a | Website : http://www.genotec.ch CH - 4123 Allschwil | -------------------------------- Schweiz | | Zentrale: +41 61 487 99 99 - ------------------------------- | Fax : +41 61 487 99 98 | Support : 0848 321 123 easy[hosting] | 500 MB, unl.Pointings, | -------------------------------- Subdomains und E-mails, | Supportanfragen bitte immer an Internetzugang und mehr | support(a)genotec.ch SFr. 150/Jahr | Web: http://support.genotec.ch | - ------------------------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQos6Cm67Rst+AWkCEQI2NQCeIrRGyW++1Mlq3gY46zx0nx7h+csAn0Za onZYkCPUETJG1nrtWLCeV7BF =+V5E -----END PGP SIGNATURE-----

18 years

Blutige Selbstjustiz

by roger＠mgz.ch

Polizeiexperten warnen: Ethnisch abgeschottete Mafia-Clans sind kaum noch zu durchdringen. Die Gerichte tragen Mitschuld. Weiter auf: http://www.libasoli.de/2004/ethnoclans%20spiegel50_04.html

18 years

Re: [swinog] SPF implementation

by Daniel Rechsteiner

Hi Juerg, > I've run a little test whether Swiss ISPs use SPF or not and it turned > out that very few have actually implemented it (actually, I found not > a single one). Is there a reason for that? It's a very simple > implementation and it could prevent a lot of damage like the most > recent one after Sober.Q. We do, too. We offered our customers to implement SPF for their domains and some did, and most new customers have SPF too. People do not like spam or viruses being sent out with their address as sender so they were quite happy to hear about SPF (although it's sometimes hard to explain that SPF does not prevent these mails from being SENT...). Most customers are using SMTP AUTH and we're also offering port 587 in case port 25 is blocked. We are also filtering on SPF. It's not helping a LOT but it still is. And it's also filtering viruses. So in my experience SPF is a good thing, but I suppose implementing SPF in larger companies than ours can be quite difficult. Daniel BTW: Hostpoint has SPF records for all customers, although it's just "v=spf1 mx ?all" and thus quite useless.

18 years

Massiv Troubles with Green's messaging.ch Server?

by Benoit Panizzon

Hi all Some days ago I noticed the typical Microsoft SBS POP3 Connector Bug with Green's messaging.ch 'shared exchange server' Service. Their Server resent emails collected from a POP3 account to all recipients it found in the 'To:' line. At least they kept the Received: lines, so that the mailloops stopped themself after the maximal amount of hops was reached. From today on, they seam to have noticed the problem and start sending a bounce to all recipients found in the 'To:' header that is not on a domain hosted localy on their servers. Thus totaly confusing our customers who ring us up and start asking why their email was rejected by our server. (In fact they got the bounce from postmaster(a)messaging.ch) --- schnipp --- Von: postmaster(a)messaging.ch [mailto:postmaster@messaging.ch] Gesendet: Samstag, 14. Mai 2005 01:17 An: *(a)intergga.ch Betreff: Delivery Status Notification (Failure) This is an automatically generated Delivery Status Notification. Delivery to the following recipients failed. [...] Reporting-MTA: dns;mail.messaging.ch Received-From-MTA: dns;messaging.ch Arrival-Date: Sat, 14 May 2005 01:14:41 +0200 Final-Recipient: rfc822;*(a)cns.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)helvetiapatria.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)dplanet.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)finance-partner.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)netsurfer.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)pharmaplan.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)baut.admin.ch Action: failed Status: 5.5.3 (and so on for each address the customer had in it's 'To:' header field.) Any others seen that problem? Regards -Benoit- -- SPAM SPAM SPAM SPAM / Hormel's new miracle meat in a can Tastes fine, saves time. / If you want something grand, / Ask for SPAM! - Hormel's 1937 jingle for SPAM Hippopotomonstrosesquippedaliophobia sh: http://en.wikipedia.org/wiki/-phobia

18 years

FYI: MELANI-Information: Social Engineering mittels E-Mail

by Marco Huggenberger

" Information: Social Engineering mittels E-Mail (10.05.2005 12:22) Die rasante Verbreitung des Wurms Sober.O, der letzte Woche gefälschte E-Mails mit einer Bestätigung für Eintrittskarten zur Fussball-WM'06 in Deutschland verschickt hat, ist grösstenteils auf so genanntes Social Engineering zurückzuführen. http://www.melani.admin.ch/newsticker/00059/index.html?lang=de " -- Cheers M.

18 years

bad dog

by Philippe Strauss

now there's a dog with a rather bad attitude looking at my cats. I don't know what to do. <a href="http://philou.ch"> http://philou.ch/ </a>

18 years

Vorbildliche Aktion

by pascal.gloor＠spale.com

Lese selbst: http://www.npd.de/npd_info/deutschland/2004/d1204-24.html

18 years

EuroBSDCon 05 - Call for Papers

by Marc Winiger

EuroBSDCon 2005 - Call for Papers 4th European BSD Conference November 25 - 27, 2005 University of Basel, Switzerland http://www.eurobsdcon.org/ Introduction The Berkeley Software Distribution (BSD) family of computer operating systems is derived from software developed at the University of California at Berkeley. The various family members (Free-, Net- and OpenBSD, among others) are exten sively used both for embedded appliances and for large internet servers and have an excellent reputation for sta bility and state-of-the-art technology. BSD-derived soft ware is a driving force for IT research and development and is well-received as a building block in commercial software due to its unique license scheme. The fourth European BSD conference is a great opportunity to present new ideas to the community and to meet some of the developers behind the different BSDs. The two day conference program (Nov 26 and 27) will be com plemented by a tutorial day preceeding the conference (Nov 25). Call for Papers The program committee is inviting authors to submit innova tive and original papers not submitted elsewhere on the applications, architecture, implementation, performance and security of BSD-derived operating systems. Investigations on economic aspects regarding the operation of BSD systems are also welcome. Topics of interest for the Euro BSD Con ference 2005 include, but are not limited to: · kernel hacking · embedded application development and deployment · device drivers · security and safe coding practices · system administration: techniques and tools of the trade · operational and economic aspects Prospective authors of contributions to the technical pro gram are requested to submit an extended abstract through the web-interface on the conference website. All submissions will be reviewed by the program committee. The extended abstract should be at least two but no longer than four pages in either PostScript or-PDF format. Submissions accom panied by a non-disclosure agreement are not acceptable and will be returned unread. Authors of accepted submissions have to provide a full paper for publication in the conference proceedings and give per mission to the organizers to publish the results in the printed proceedings and on the conference web site. Instruc tions to authors will be available on the conference web site. Call for Tutorial Proposals Selected tutorials on practical and problem-solving aspects of BSD-derived operating systems will be offered on the day before the Euro BSD Conference. The tutorials will be pre sented by speakers who have wide experience in developing and administering the different BSDs. Potential tutorial themes include, but are not limited to: · Using FreeBSD in a datacenter environment · Firewall configuration with OpenBSD · Porting NetBSD to embedded devices · Safe coding practices to provide secure solutions If you are interested in presenting a tutorial, please con tact the program committee at pc(a)eurobsdcon.org with details about the topic, intended audience, required room and facil ities as well as a meaningful CV before August 1, 2005. Important Dates Extended abstracts due: August 1 Tutorial proposals due: August 1 Notification to speakers: August 31 Final papers due: October 20 Tutorial day: November 25 Conference: November 26 - 27 Conference Organizers General Chairs <chair(a)eurobsdcon.org> Marc Balmer, micro systems Vera Hardmeier, micro systems Program Chair <prog-chair(a)eurobsdcon.org> Christian Tschudin, CS Department, University of Basel Program Committee Marc Balmer, micro systems Emmanuel Dreyfus, the NetBSD project Felix Kronlage, bytemine Max Laier, the FreeBSD project André von Raison, iX Magazin Christian Tschudin, University of Basel Wim Vandeputte, the OpenBSD project Local Organizers Marc Balmer, micro systems Giacomo Cariello Marcus Glocker, UBS AG Vera Hardmeier, micro systems Massimiliano Stucchi, WillyStudios.com Marc Winiger, micro systems

18 years

Today's beer event

by Steven Glogger

hi there as you may see: the weather is just bad and it's too cold :-( so the "pumpi" will not be the a good place today and we have to move to the backup-place: so, it's now fixed to: Next Event: Date: 9th of May 2005 Time: starting around 18.30 o'clock Location: we go to the "Outback" Bahnhof Stadelhofen for informations: http://swinog.mrmouse.ch greetings -steven

18 years

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog May 2005