
spamhaus != SORBS
No wonder you post anonymously--it's embarrassing to be that stupid.
15 publicly visible posts • joined 10 Feb 2009
I've seen a sample of what they were sending, and it includes this gem:
"Spamwise is ... a bona-fide IT
operation, offering a professional standard of advice and services to
business clients."
So basically this "awareness-raising" wasn't meant to educate people about e-mail, but rather to raise awareness of the creator's consulting business.
Also, the assertion that website-scraping leads to 90% of the spam is just laughable. How many of your relatives' e-mail addresses show up on a google search? The vast majority of people don't have a website, nor do they post to publicly-archived mailing-lists, so they cannot be easily scraped.
On the other hand, compromising someone's machine to dump their Outlook contacts, or hijacking their social media account to scrape their friends list WILL yield a large number of e-mail addresses. I could list half a dozen other great ways to generate e-mail lists off the top of my head, but that's pointless.
This guy is an idiot and got what was coming to him. Playing the victim only makes him look worse.
Simply plug in a blank drive, OS X asks you if you would like to use it for back-ups, click through 2 or so dialogs, and bingo, regular back-ups down to the hour. Restoring files and complete system images works great (have used both features).
How could Microsoft possibly fail so badly when there are many great reference implementations available?
Safari 5 has been nothing but great for me. Then again I don't try to cram my software full of third-party hacks and shims, so I can upgrade safely. This is exactly what Jobs was talking about in banning third-party development layers for iPhone: When Apple upgrades, the external developers won't properly modify their hacks in time and users will have a shitty experience.
Lower-case 'L' looks too much like an upper-case 'I', which would make JournaLPad be JournaiPad, that's what they're objecting to. Whether that's a valid trademark complaint... well, I find that a bit tough to believe, but it's not like any app with "pad" in it will need to be renamed.
A search of iTunes for apps with the word "pad" turned up roughly 230, most of which have "pad" in their name. If they tried to get 230 app developers to change the name of their app, it would be a much bigger story.
If idiots who didn't manage to configure their wireless correctly would stop posting in that discussion thread. Probably a good third or more of the posts are due to user error, and then they come back triumphantly claiming the "fix" for everyone is to "turn on WPA on your router" or something asinine like that.
"if root servers change, I should be able to ask any DNS for this. But it seems that thanks to the botnets, this will be blocked as well."
Root server lists are still handled the same way they were back when I started using the Internet in the early '90s: a flat text file that you download from INTERNIC. There's also a fall-back copy hard-coded into BIND.
Also, the demise of the "interconnected" Internet didn't start with RFC1918 IP addresses, it started with the Morris Worm when people realized that a default-trusting security model didn't make any sense if there was so much as one malicious user on the network.
Get your history straight.
Since I'm writing this, I might as well tell Enigma9 to pull their head out from between their legs as well. Modern malware isn't written for clueless script kiddies, it's written for calculating criminals. Thinking that giving youngsters a sobering lesson will stop Internet attacks is mind-numbingly naïve. Are you perhaps an incarnation of n3td3v? You're as uninformed, but loudly opinionated as that twit. Get a job you waste of electrons.
--
chort
There's no RFC that I'm aware of that says providers should accept traffic from their customers with clearly forged origins. On the other hand, BCP38/RFC2827 has existed since 2000 and describes what ISPs should do to filter their traffic to prevent exactly this sort of attack. Sadly, most providers do not filter traffic from their customers to prevent packets with source IP addresses that are not within the networks they advertise.
For one thing, only versions of BIND earlier than 9.4 are vulnerable in the "best practice" configuration to the amplification effect. In 9.4 and later with recursion disabled for external clients, the response to the forged requests is "REFUSED", rather than the list of root servers. This makes the reflected traffic actually slightly smaller than the original request, thus defeating the amplification.
Also, it is possible to block the forged datagrams with a firewall without blackholing the victim. The vast majority (all?) of the victim DNS servers are authoritative-only servers that don't service requests for recursion, so blocking datagrams coming "from" them that have a source port other than 53, and destination port of 53 is completely safe. It's also possible in some firewalls to use byte-offset inspection features to specifically block requests for '.' going to your DNS servers.
There have been extensive discussions on the NANOG, BIND-users, and dnsops mailing lists. It's certainly recommended reading. Google is your friend here (hint, use site:). Try "amplification", "queries for root", "./NS/IN", "dns ddos", etc...
http://www.merit.edu/mail.archives/nanog/
http://marc.info/?l=bind-users&r=1&w=2
https://lists.dns-oarc.net/pipermail/dns-operations/
As a final note, I wrote a quick & dirty log parser that examines BIND log for the current hour to see how many queries for '.' there have been and what IPs are being targeted by them:
http://www.SMTPS.net/pub/dns-amp-watch.pl
--
chort
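The kind of check described in the post above, as an added example: it is not the dns-amp-watch.pl script linked there and not the poster's code. It counts queries for '.' per claimed source address (in a reflection attack the forged source is the victim) for one hour of a BIND query log. The log layout, the sample lines and the threshold are assumptions; BIND's query-log format differs between versions.

```python
import re
from collections import Counter

# Assumed BIND query-log layout; optional groups cover common variants
# (client object address, "(qname)" after the port, "view NAME:").
QUERY_RE = re.compile(
    r"^(?P<hour>\d{2}-\w{3}-\d{4} \d{2}):\d{2}:\d{2}\.\d+ .*?"
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F.:]+)#(?P<sport>\d+)"
    r"(?: \([^)]*\))?: (?:view \S+: )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def root_query_targets(lines, hour=None):
    """Count queries for '.' per claimed source IP.

    hour: optional 'DD-Mon-YYYY HH' string restricting the count to one hour.
    """
    targets = Counter()
    for line in lines:
        m = QUERY_RE.match(line)
        if not m or m["qname"] != ".":
            continue  # not a query line, or not a root query
        if hour and m["hour"] != hour:
            continue
        targets[m["src"]] += 1
    return targets

def likely_victims(targets, threshold):
    """Source IPs whose root-query count reaches the (assumed) threshold."""
    return sorted(ip for ip, n in targets.items() if n >= threshold)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
04-Feb-2009 10:15:32.101 queries: info: client 192.0.2.10#31337: query: . IN NS +
04-Feb-2009 10:15:32.140 queries: info: client 192.0.2.10#4242: query: . IN NS +
04-Feb-2009 10:15:33.002 queries: info: client 198.51.100.7#53211: query: www.example.com IN A +
04-Feb-2009 10:16:01.555 queries: info: client 192.0.2.10#1025: query: . IN NS +
04-Feb-2009 10:16:02.000 queries: info: client 203.0.113.5#40000: query: . IN NS +
04-Feb-2009 11:00:00.010 queries: info: client 203.0.113.5#40001: query: . IN NS +
""".splitlines()

if __name__ == "__main__":
    counts = root_query_targets(SAMPLE_LOG, hour="04-Feb-2009 10")
    for ip, n in counts.most_common():
        print(f"{n:6d}  {ip}")
    print("over threshold:", likely_victims(counts, threshold=3))
```
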