swinog

swinog@lists.swinog.ch

6 participants
2924 discussions

Re: [swinog] SPF implementation
by Daniel Rechsteiner 18 May '05

18 May '05

Hi Juerg, > I've run a little test whether Swiss ISPs use SPF or not and it turned > out that very few have actually implemented it (actually, I found not > a single one). Is there a reason for that? It's a very simple > implementation and it could prevent a lot of damage like the most > recent one after Sober.Q. We do, too. We offered our customers to implement SPF for their domains and some did, and most new customers have SPF too. People do not like spam or viruses being sent out with their address as sender so they were quite happy to hear about SPF (although it's sometimes hard to explain that SPF does not prevent these mails from being SENT...). Most customers are using SMTP AUTH and we're also offering port 587 in case port 25 is blocked. We are also filtering on SPF. It's not helping a LOT but it still is. And it's also filtering viruses. So in my experience SPF is a good thing, but I suppose implementing SPF in larger companies than ours can be quite difficult. Daniel BTW: Hostpoint has SPF records for all customers, although it's just "v=spf1 mx ?all" and thus quite useless.

1 0

Massiv Troubles with Green's messaging.ch Server?
by Benoit Panizzon 18 May '05

18 May '05

Hi all Some days ago I noticed the typical Microsoft SBS POP3 Connector Bug with Green's messaging.ch 'shared exchange server' Service. Their Server resent emails collected from a POP3 account to all recipients it found in the 'To:' line. At least they kept the Received: lines, so that the mailloops stopped themself after the maximal amount of hops was reached. From today on, they seam to have noticed the problem and start sending a bounce to all recipients found in the 'To:' header that is not on a domain hosted localy on their servers. Thus totaly confusing our customers who ring us up and start asking why their email was rejected by our server. (In fact they got the bounce from postmaster(a)messaging.ch) --- schnipp --- Von: postmaster(a)messaging.ch [mailto:postmaster@messaging.ch] Gesendet: Samstag, 14. Mai 2005 01:17 An: *(a)intergga.ch Betreff: Delivery Status Notification (Failure) This is an automatically generated Delivery Status Notification. Delivery to the following recipients failed. [...] Reporting-MTA: dns;mail.messaging.ch Received-From-MTA: dns;messaging.ch Arrival-Date: Sat, 14 May 2005 01:14:41 +0200 Final-Recipient: rfc822;*(a)cns.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)helvetiapatria.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)dplanet.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)finance-partner.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)netsurfer.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)pharmaplan.ch Action: failed Status: 5.5.3 Final-Recipient: rfc822;*(a)baut.admin.ch Action: failed Status: 5.5.3 (and so on for each address the customer had in it's 'To:' header field.) Any others seen that problem? Regards -Benoit- -- SPAM SPAM SPAM SPAM / Hormel's new miracle meat in a can Tastes fine, saves time. / If you want something grand, / Ask for SPAM! - Hormel's 1937 jingle for SPAM Hippopotomonstrosesquippedaliophobia sh: http://en.wikipedia.org/wiki/-phobia

1 0

FYI: MELANI-Information: Social Engineering mittels E-Mail
by Marco Huggenberger 18 May '05

18 May '05

" Information: Social Engineering mittels E-Mail (10.05.2005 12:22) Die rasante Verbreitung des Wurms Sober.O, der letzte Woche gefälschte E-Mails mit einer Bestätigung für Eintrittskarten zur Fussball-WM'06 in Deutschland verschickt hat, ist grösstenteils auf so genanntes Social Engineering zurückzuführen. http://www.melani.admin.ch/newsticker/00059/index.html?lang=de " -- Cheers M.

2 1

bad dog
by Philippe Strauss 17 May '05

17 May '05

now there's a dog with a rather bad attitude looking at my cats. I don't know what to do. <a href="http://philou.ch"> http://philou.ch/ </a>

3 3

Vorbildliche Aktion
by pascal.gloor＠spale.com 17 May '05

17 May '05

Lese selbst: http://www.npd.de/npd_info/deutschland/2004/d1204-24.html

4 3

EuroBSDCon 05 - Call for Papers
by Marc Winiger 09 May '05

09 May '05

EuroBSDCon 2005 - Call for Papers 4th European BSD Conference November 25 - 27, 2005 University of Basel, Switzerland http://www.eurobsdcon.org/ Introduction The Berkeley Software Distribution (BSD) family of computer operating systems is derived from software developed at the University of California at Berkeley. The various family members (Free-, Net- and OpenBSD, among others) are exten sively used both for embedded appliances and for large internet servers and have an excellent reputation for sta bility and state-of-the-art technology. BSD-derived soft ware is a driving force for IT research and development and is well-received as a building block in commercial software due to its unique license scheme. The fourth European BSD conference is a great opportunity to present new ideas to the community and to meet some of the developers behind the different BSDs. The two day conference program (Nov 26 and 27) will be com plemented by a tutorial day preceeding the conference (Nov 25). Call for Papers The program committee is inviting authors to submit innova tive and original papers not submitted elsewhere on the applications, architecture, implementation, performance and security of BSD-derived operating systems. Investigations on economic aspects regarding the operation of BSD systems are also welcome. Topics of interest for the Euro BSD Con ference 2005 include, but are not limited to: · kernel hacking · embedded application development and deployment · device drivers · security and safe coding practices · system administration: techniques and tools of the trade · operational and economic aspects Prospective authors of contributions to the technical pro gram are requested to submit an extended abstract through the web-interface on the conference website. All submissions will be reviewed by the program committee. The extended abstract should be at least two but no longer than four pages in either PostScript or-PDF format. Submissions accom panied by a non-disclosure agreement are not acceptable and will be returned unread. Authors of accepted submissions have to provide a full paper for publication in the conference proceedings and give per mission to the organizers to publish the results in the printed proceedings and on the conference web site. Instruc tions to authors will be available on the conference web site. Call for Tutorial Proposals Selected tutorials on practical and problem-solving aspects of BSD-derived operating systems will be offered on the day before the Euro BSD Conference. The tutorials will be pre sented by speakers who have wide experience in developing and administering the different BSDs. Potential tutorial themes include, but are not limited to: · Using FreeBSD in a datacenter environment · Firewall configuration with OpenBSD · Porting NetBSD to embedded devices · Safe coding practices to provide secure solutions If you are interested in presenting a tutorial, please con tact the program committee at pc(a)eurobsdcon.org with details about the topic, intended audience, required room and facil ities as well as a meaningful CV before August 1, 2005. Important Dates Extended abstracts due: August 1 Tutorial proposals due: August 1 Notification to speakers: August 31 Final papers due: October 20 Tutorial day: November 25 Conference: November 26 - 27 Conference Organizers General Chairs <chair(a)eurobsdcon.org> Marc Balmer, micro systems Vera Hardmeier, micro systems Program Chair <prog-chair(a)eurobsdcon.org> Christian Tschudin, CS Department, University of Basel Program Committee Marc Balmer, micro systems Emmanuel Dreyfus, the NetBSD project Felix Kronlage, bytemine Max Laier, the FreeBSD project André von Raison, iX Magazin Christian Tschudin, University of Basel Wim Vandeputte, the OpenBSD project Local Organizers Marc Balmer, micro systems Giacomo Cariello Marcus Glocker, UBS AG Vera Hardmeier, micro systems Massimiliano Stucchi, WillyStudios.com Marc Winiger, micro systems

1 0

Today's beer event
by Steven Glogger 09 May '05

09 May '05

hi there as you may see: the weather is just bad and it's too cold :-( so the "pumpi" will not be the a good place today and we have to move to the backup-place: so, it's now fixed to: Next Event: Date: 9th of May 2005 Time: starting around 18.30 o'clock Location: we go to the "Outback" Bahnhof Stadelhofen for informations: http://swinog.mrmouse.ch greetings -steven

1 0

FYI: Invitation to www.hackiis6.com
by Marco Huggenberger 09 May '05

09 May '05

FYI: ---------- Forwarded message ---------- From: Roger A. Grimes <roger(a)banneretcs.com> Date: May 5, 2005 1:41 AM Subject: Invitation to www.hackiis6.com To: honeypots(a)securityfocus.com It's not the traditional honeypot...but it is. <grin> Welcome to the HackIIS6.com Contest! Starting May 2nd and going until June 8th, the server located at http://www.hackiis6.com will welcome hackers to attack it. If you can deface the web site or capture the "hidden" document, you win an X-box! Read contest rules for what does and doesn't constitute a successful hack. We've tried to be as realistic as possible in what constitutes a successful hack, and in mimicking a basic HTML and ASP.NET web site. For the most part, almost anything reasonable constitutes a successful attack except for a massive network denial of service attack against the IIS 6 or its host provider. Not that doing a successful DoS attack wouldn't be a problem in the real world...it would be...but we aren't testing that. We want to test the security of Windows Server 2003, IIS, and other Microsoft applications. So, please, respect this one rule of the contest so everyone can have a chance at claiming the prize. Questions and Prizes If you have questions, send an email to admin(a)hackiis6.com. If you want to claim a prize, send your email, with the details listed in the official rules to prizes(a)hackiis6.com. Contest Summary We are going to start the contest for the first two weeks with the very basic, static HTML web site that you are now reading. Two weeks later, we'll add an ASP.NET web site and a back-end SQL server to add more flavor and give more area to attack. We started with the basic site to prove that Microsoft's Internet Information Service (IIS) and Windows Server 2003 is secure by itself. This is to satisfy the purists who thinking hacking ASP.NET is hacking an application and not the server. So, if you've got skillz in one area versus the other, you'll have a chance to try both attack types. Once the contest stops on June 8th, we will announce the winner(s) at the upcoming June Microsoft Tech.Ed conference. The Setup This server is running Windows Server 2003, Service Pack1, with all current publicly-released patches and hotfixes installed (we ran Windows Update and MBSA just like a real admin would do). We installed IIS 6.0. and then we followed the basic recommendations (http://www.microsoft.com/technet/security/prodtech/IIS.mspx) suggested by Microsoft. I added a few tweaks here and there, to put my personal mark on the site, but nothing extraordinary. There is no non-Microsoft software involved with the exception of the host's router/firewall, which would be normal in most environments. We want to make this a test of Microsoft software. Why a hacking contest? To have fun! Sure there will be critics who say sponsoring a hacking contest proves nothing. If the IIS server remains unbroken, it still doesn't mean that IIS is really "secure." True, and if I wasn't the contest's team leader, I'd probably be the first one to yell that out. Hacking contests rarely prove something is secure, although it only takes a single successful hack to prove something is unsecure. So why do it? There are very few places on the Internet where hackers, good and bad, can hack legally. Windows IT Pro thought the contest would be a fun way to interact with the hacker community (they realize most hackers have good intentions) and bring some attention to Windows IT Pro (of course, they'll disavow all responsibility and blame me solely if the server gets hacked) <grin>. So, welcome to the contest! Hack away. If the IIS server goes unhacked during the extended time period, it might not mean that IIS is "unhackable", but if it does survive the contest it might convince a few people that it is a relatively secure web server platform. After all, over 20% of the Internet relies on it, including some of the largest web sites in the world. Happy Hacking, Roger A. Grimes Contributing editor, Windows IT Pro Magazine ************************************************************************ *** *Roger A. Grimes, Banneret Computer Security, Computer Security Consultant *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI *email: roger(a)banneretcs.com *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode *Author of Honeypots for Windows (Apress) *http://www.apress.com/book/bookDisplay.html?bID=281 ************************************************************************ **** -- Cheers M.

5 6

Urgent: Mailbombing from 'hostcenter' reseller.
by Benoit Panizzon 08 May '05

08 May '05

Dear Hostcenter responsibles. Sorry that I write to Swinog, but the Hostcenter phone support just didn't get the problem. One of your customers has again set up an autoresponder sending 'new' emails to every 'from' address it sees. We got about 10'000 new support tickets opened last night by this customer. Subject and everything is replaced, so that RT is not able to recognize the loop. Precedence: Bulk or Junk is missing so RT sends a reply too. This Hostcenter setup can wonderfully be abused to mailbomb any destination email address in an anonymous way. The Hostcenter support told me that this a reseller's host and so this is the reseller's problem and not theirs but that they are not allowed to give me contact info of that reseller... If somebody from Hostcenter reads this, and thinks about reconsidering this statement, please contact me asap: bp(a)imp.ch or 061 826 93 06. As I'm playing with the idea to start reporting those autoreplies to spamcop, but it's just a reseller's host, so normal customers are not affected. Isn't it? (mail03a.hostcenter.com) Regards -Benoit Panizzon- -- SPAM SPAM SPAM SPAM / Hormel's new miracle meat in a can Tastes fine, saves time. / If you want something grand, / Ask for SPAM! - Hormel's 1937 jingle for SPAM Hippopotomonstrosesquippedaliophobia Huhuhuhahahahaarrrrgh!

3 2

SwiNOG-BE25 - Beer Event 25 - 9th of May @ Restaurant Pumpstation @ Lake / Zurich
by Steven Glogger 03 May '05

03 May '05

hi all summertime is coming ,-) according to all the weather specialists it could be nice and sunny (and little bit cloudy) next monday. but every time I organized the BE at the lake it was just great weather. so I'm hoping that the luck will still be with us. so, what about some cool beer in a warm, sunny and cosy environment? ,-) the famous "pumpi" is already open and I expect many people coming for next week to enjoy it ,-) (if wireless LAN is working: don't ask me ;-)) so, the next event will be: Date: 9th of May 2005 Time: starting around 18.30 o'clock Location: @lake in restaurant "Pumpstation" (see image; www.pumpstation.ch) On bad weather (will be communicated before noon) we go to the "Outback" / Bahnhof Stadelhofen Registration deadline: 09.05.2005 09:00:00 Link for registration http://swinog.mrmouse.ch/ Important: If someone cannot find us: call me on my handy: 079 / 277 92 35 greetings -steven

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog