[Dshield] Firewall spam reduction link?

Kenton Smith kenton at mail2techie.com
Thu May 26 18:58:28 GMT 2005


I'm a little confused by your email here and it may be because you're
trying to hide the identity of the vendor (Symantec?). It would be way
easier for people to help if you just told us what you are using. Also,
how familiar are you with how both of these products actually work? 
You talk about spam and you also mention pop-ups. 
Spam - most likely the default rules and the dictionaries that are being
used are different. Also, as has been mentioned, maybe your ISP updated
their filters as well. I know that I can go for a while getting lots of
spam from my ISP hosted mail, and then all of a sudden there is nothing
for a few weeks. This is most likely due to the constant tuning of the
filters. 
Pop-ups - are these pop-ups that are appearing that are unrelated to the
browsing you are doing and even when you are not browsing? This is
usually related to spyware and may or may not be controlled by any
vendor's firewall product. If they are just normal pop-ups from the web
sites you are visiting, again it may be a tuning thing. Could it be that
the default for your new product blocks all pop-ups while the blocker in
your old product was only blocking 3rd party pop-ups? Hard to say, but I
think suggesting a security flaw is a little premature. 

Kenton 

>-----Original Message----- 
>From: list-bounces at lists.dshield.org 
>[mailto:list-bounces at lists.dshield.org]On Behalf Of Kenneth Coney 
>Sent: Wednesday, May 25, 2005 10:59 AM 
>To: list at lists.dshield.org 
>Subject: [Dshield] Firewall spam reduction link? 
> 
> 
>For a year or so I have had a well known firewall/AV program from a
well 
>known US company on this machine. I have been getting about 340 spam 
>emails a day. View of IPs show they come from all over the world, and 
>they are also in lots of different languages. I never suspected any 
>connection. The embedded spam' filter does a fine job of flagging spam 
>and putting it in the trash box. One of the annoying things about this 
>software package is every so often some module or another goes bad 
>here. I will suddenly discover I am unable to enter the advanced screen
>to tweak a firewall rule (java script error), or most recently a 
>download will just refuse to install even if when I refreshed the live 
>update and followed all the delete in documents advice on the companies
>site. I usually wind up uninstalling and reinstalling to fix the 
>problem. I think it has been about four or five times in two years I 
>have had to do so. Of course after each reinstall then it is necessary 
>to go online with the dial up and download 16 to 30 megs of update 
>files. A very slow process w/o broadband. This is a one man shop and 
>no money is being earned when I sit in front of the computer waiting
for 
>download prompts. I have also been annoyed for a long time by the 
>software firewall/AV package's insistence on automatically downloading 
>url updates and spam updates even though parental controls are off. 
>Anyway this week the program displayed indications of yet another 
>internal malfunction. I refused to kill a day reinstalling and updating
it. 
> 
>Instead this weekend I downloaded a free firewall from a competing 
>foreign company and then deleted the existent firewall package. Okay, I
>killed most of a day on that install, doing the updates and setting up 
>the rules configuration. I figured, why not? Either way I would lose a 
>day. Incidently the updates were much smaller as there is no parental 
>censorship of urls embedded in the free program and no spam controls 
>either. Setting up or installing a filter is up to the user. 
> 
>It has been four days now. No major problems noted, but that is not the
>point of this writing. 
> 
>What is really amazing to me is, this morning (and yesterday, and the 
>day before and the day before that) when I log on instead of seeing the
>usual 200+ spam emails in my trash box, I am seeing about 40. Instead 
>of having a 120 or so pop up during the day, I get maybe 10. Something 
>major has changed. Two choices. 1) This weekend there was a major 
>crackdown world wide on Spam boxes which no one has heard about. 2) 
>Something about the former firewall program attracted spam. My machine 
>is masked with both programs according to Gibson's Shields Up (I know, 
>but hey, it is fast, and it is free). My experience leads me to suspect
>a certain well known US software manufacturer has a major security
issue 
>of their own. Probably in their auto update server. Something along 
>the lines of, what is the current email address of your customer, thank
>you, now sending. Comments? 
> 
> 
>-------------- Sponsor Message ------------------------------------ 
>Join us at SANSFIRE 2005 in Atlanta! 
>The Internet Storm Center Conference. 
>Details: http://www.sans.org/sansfire2005 
> 
>_______________________________________________ 
>send all posts to list at lists.dshield.org 
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list 
> 
>-------------- Sponsor Message ------------------------------------ 
>Join us at SANSFIRE 2005 in Atlanta! 
>The Internet Storm Center Conference. 
>Details: http://www.sans.org/sansfire2005 
> 
>_______________________________________________ 
>send all posts to list at lists.dshield.org 
>To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list 
> 
>. 


<span id=m2wTl><p><font face="Arial, Helvetica, sans-serif" size="2" style="font-size:13.5px">_______________________________________________________________<BR>Get the FREE email that has everyone talking at <a href=http://www.mail2world.com target=new>http://www.mail2world.com</a><br>  <font color=#999999>Unlimited Email Storage &#150; POP3 &#150; Calendar &#150; SMS &#150; Translator &#150; Much More!</font></font></span>


More information about the list mailing list