[Dshield] Extreme increase in spam attempts... any one elseseeing similar event?

Tomas L. Byrnes tomb at byrneit.net
Sat Aug 18 17:42:31 GMT 2007


You're missing the most basic reason for the "backscatter problem". The
default configuration for exchange servers creates it, you couldn't
disable it until Exchange 2003, and MS doesn't message changing config
to prevent it in any of their best practices or courses.

The average IT staffer is overworked, underpaid, and only knows what MS
and CISCO taught him in training, if they even got that.

Don't blame them for doing their job to the best of their ability with
the information they have been given.

The blame rests with the vendors and oss projects that create systems
that are insecure by default, and require an MS in computer science to
understand and properly operate.

The REAL blame rests with the criminals who abuse other's resources fro
their own financial gain. They're not hackers, they're CROOKS.

 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Jim McCullough
> Sent: Friday, August 17, 2007 8:32 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Extreme increase in spam attempts... 
> any one elseseeing similar event?
> 
> I do agree that the main problem is the MTA configuration.
> Unfortunately, some of the cases are basic ignorance of the 
> RFC's and standards that exist.  I have seen this in alot of 
> cases where one person handles a server and tries to do the 
> workload of 10 positions.
> Some people have the ability to handle it and keep everything 
> going properly.  Most people dont, and that is where we have 
> alot of the backscatter problems.
> 
> Basically I see it as 3 different points, 1) ignorance ( in 
> lack of education/understanding - no disrespect intended for 
> those who dont know ), 2) laziness on not taking the time to 
> fix the problem, and 3) blatent dont give a !#$@$% about the world.
> 
> This is an issue I have delt with for about 9 years now.  And 
> like most people who handle dealing with filtering spam, it 
> has become a sore point.  Unfortunately, blocking out based 
> on backscatter will not solve the root cause of the issue.  
> It only temporarily masks the symtoms, until some other poor 
> domain gets nailed.
> 
> On 8/17/07, Abuse <abuse at what4now.com> wrote:
> > ** Reply to message from "Jim McCullough" 
> <jim.mccullough at gmail.com> 
> > on Fri, 17 Aug 2007 20:02:08 -0400
> >
> > > Just as an afterthought, we previously discussed 
> backscatter and to 
> > > prevent a repeat of the last thread with it.  I think this thread 
> > > should stay on its course and not go back down the MTA 
> configuration 
> > > issue again.
> >
> > Why not?  The main problem of backscatter is badly 
> configured MTAs.  I 
> > have seen on "this list" a few people claim that they can not 
> > configure their mail server properly for a variety of 
> reasons none of which are valid.
> >
> > When I get backscatter to my personal email address they 
> get reported 
> > to spamcop.  There is no reason for this crap.
> > _________________________________________
> > SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 courses, SANS 
> > top instructors, and a great tools and solutions expo. 
> Register today!
> > http://www.sans.org/info/4651 (brochure code ISC)
> >
> 
> 
> --
> Jim McCullough
> 
> "Just because the standard provides a cliff in front of you, 
> you are not necessarily required to jump off it."
> 
>     Norman Diamond
> _________________________________________
> SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 
> courses, SANS top instructors, and a great tools and 
> solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
> 



More information about the list mailing list