[Dshield] dshield-based RBLs?

John Hardin johnh at aproposretail.com
Mon Jun 14 17:57:57 GMT 2004

On Sun, 2004-06-13 at 12:48, melvin smith wrote:

> When using my ISP it's impossible to stop sending
> random packets to random machines all over the
> country. I've tried and tried to stop it but it's
> impossible. Even after a fresh format C:, reload
> OS, firewall, commview, etc. the very first session
> sends out calls to other unknown machines in random
> cities across the country.

This has little or nothing to do with your ISP, and much or everything
to do with your firewall software or firewall device.

Depending on the capabilities of your firewall software, you may or may
not be able to explicitly block all traffic on specific ports.

Also, bear in mind that your packet capture utility may hook into your
OS networking someplace *before* the firewall does, so you may be seeing
traffic that does eventually get blocked by the firewall software. The
most reliable way to monitor network traffic "on the wire" is from
another computer.

> Another thing that I find strange is the fact that
> the computer I hook-up to at my ISP is seven hops 
> away. 

That's not necessarily too surprising. ISP mail servers, IRC servers,
etc. may be quite a ways (in hops) away from the DSL/dial concentrator
that you connect to - especially if they are physically located in a
remote location (e.g. a national ISP, you're at one end of the country,
and the mail server's at the other).

> It's impossible to get any professional help
> despite the fact, that the professionals constantly
> point the finger at the average home user (me) as
> the problem. On repeated occasions and at various
> venues I have offered to send screenshots of the
> packet logs** that display, in living color, all of
> the aforementioned traffic.

If there's any way to capture the logs to a text file, do it - you might
get more help. Screenshots are great for capturing UI issues and purty
pichers, but are lousy for conveying large amounts of raw data such as
firewall logs or packet captures.

> Unfortunately the pictures, actual photos, taken
> of the screen* need to be sent as an attachment.
> And therein lies the rub.
> Everyone, regardless of professional ability,
> tells me that they are helpless to defend
> against what may be hidden in an innocent
> looking attachment. Gridlock.

...huh? Many people block executable attachments as a matter of security
policy, but static images (e.g. screenshots) are generally considered
safe. Movies straddle the borderline as some formats may include the
ability to be scripted or to call external programs.

If attachments are a problem, post the files (images, logs, etc.) to a
website and email the URL(s) for the file(s) instead of the files
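The point above about a capture utility seeing packets that the firewall later drops, and the advice to keep logs as text rather than screenshots, can be illustrated with a small script (an added example, not code from this thread): it parses constructed text-format packet log lines, applies a hypothetical outbound port block list, and reports which captured outbound packets would actually leave the host. The log format, addresses and the blocked-port set are all assumptions.

```python
import re
from collections import Counter

# Constructed sample of a text-format packet log (not from the thread):
# timestamp direction proto src:port -> dst:port
SAMPLE_LOG = """\
2004-06-13 12:01:05 OUT TCP 192.168.1.10:1034 -> 203.0.113.7:135
2004-06-13 12:01:06 OUT TCP 192.168.1.10:1035 -> 203.0.113.9:445
2004-06-13 12:01:07 OUT UDP 192.168.1.10:1036 -> 198.51.100.4:137
2004-06-13 12:01:08 OUT TCP 192.168.1.10:1037 -> 198.51.100.20:80
2004-06-13 12:01:09 IN  TCP 203.0.113.7:135  -> 192.168.1.10:1034
2004-06-13 12:01:10 OUT TCP 192.168.1.10:1038 -> 192.0.2.55:25
"""

# Hypothetical firewall policy: outbound destination ports explicitly blocked.
BLOCKED_OUT_PORTS = {135, 137, 139, 445}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<dir>IN|OUT)\s+(?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            records.append(rec)
    return records

def classify_outbound(records, blocked_ports=BLOCKED_OUT_PORTS):
    """Split outbound packets into those the firewall drops and those that leave."""
    dropped, passed = [], []
    for rec in records:
        if rec["dir"] != "OUT":
            continue  # inbound traffic is not what the poster is worried about
        (dropped if rec["dport"] in blocked_ports else passed).append(rec)
    return dropped, passed

def summarize(records):
    """Count destinations by host:port, the compact view a helper on a list wants."""
    return Counter(f'{r["dst"]}:{r["dport"]}' for r in records)

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    dropped, passed = classify_outbound(recs)
    print("seen by capture but dropped by firewall:", summarize(dropped))
    print("actually leaving the host:", summarize(passed))
```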

