[Dshield] Firewall spam reduction link?
cef at optus.net
Thu May 26 00:46:51 GMT 2005
On Thursday 26 May 2005 00:58, Kenneth Coney wrote:
> What is really amazing to me is, this morning (and yesterday, and the
> day before and the day before that) when I log on instead of seeing the
> usual 200+ spam emails in my trash box, I am seeing about 40. Instead
> of having a 120 or so pop up during the day, I get maybe 10. Something
> major has changed. Two choices. 1) This weekend there was a major
> crackdown world wide on Spam boxes which no one has heard about. 2)
> Something about the former firewall program attracted spam. My machine
> is masked with both programs according to Gibson's Shields Up (I know,
> but hey, it is fast, and it is free). My experience leads me to suspect
> a certain well known US software manufacturer has a major security issue
> of their own. Probably in their auto update server. Something along
> the lines of, what is the current email address of your customer, thank
> you, now sending. Comments?
If you're running your own mailserver on said machine, then this is quite
possibly because you were off-line for most of a day. Your machine would have
probably got flagged as "down" so it's not getting hit as hard. Rest assured
the spam will increase over time.
If you're picking up mail from an ISP, is it possible that the same day that
you installed this new product, that they installed/upgraded an anti-spam
solution on their mailservers? Remember: While things like this may seem
likely, there are so many things going on in the chain between you and the
spammer, that a lot of things are quite possible.
Also: Did the free software find something installed on your machine at all?
It could be a piece of software was "calling home" and so reporting your
address somewhere. While you may think it's the big software companies AV
program, it may be something else entirely, and the only co-incidence is the
As for free software: I'm a big proponent of free software (specifically open
source), but I'm also a realist: Not all free software is created equal, and
the incentive of getting something for free should not be the only factor in
your choice. However, that said, it's unlikely (but not impossible) that
something where you are supplied the source code will contain something
deliberately malacious. Of course, to be positive of this, you'd want to
build it yourself, or get confirmation from either one or many third parties
(preferrably trusted in some way) that the code builds the same executable.
This doesn't prove there isn't deliberately malacious code in the source
(it's just compiling after all), but it does mean that if they've added
deliberate malacious code, they're hanging all their dirty laundry out in the
public eye, and someone could spot it by reviewing said code.
Stuart Young - aka Cefiar - cef at optus.net
More information about the list