Swedish ISP Blocks Computers That Send Spam

snuppepuppan writes "One of Sweden's largest ISPs, Telia starts to block computers that send spam. 'The computers that Telia will block are primarily those that have been infected with "trojans" which are being used, without the customer's knowledge, to send enormous amounts of spam.'"

Second post, but first with a smiley??????

[ShadowBlasko]

Okay, I know this is offtopic as hell.

But guys, I mean, I read the journal entries about moving to the new building, and the server problems, as well as the efforts to update the "look and feel" of slashdot a bit, but these smileys? They gotta go man.

I'm all for updating, and keeping with the times, but what was wrong with nice little colored dots?

(sigh)

I feel like I am on some second-rate blog site now.

Then again, maybe it will just take some getting used to.

Sorry for the off topic post, But perhaps this might generate some discussion in regards to this issue?

Re:Second post, but first with a smiley??????

[stefanlasiewski]

It's interesting that all of the images except the smileys are broken.

It's a wierd conspiracy. You will obey the cheeseball smiley faces...

Re:Second post, but first with a smiley??????

Is there somekind of graphical smiley thing in Slashdot now? :) :-) ;) ;-) :( :-(

a great idea

[batray]

If more ISPs took spam complaints seriously and acted on them quickly the net would be a better place. However it is has been my experience that abuse desks are mostly staffed by the clueless.
For me the dominant source of spam that I get now comes from infected computers, since DNSBLs have rendered fixed spaming IPs impotent.

Re:a great idea

[BrokenHalo]

abuse desks are mostly staffed by the clueless.

That's where they are staffed at all. There are all too many ISPs who appear to be happy to turn a blind eye to this type of activity, in spite of the fact that it costs them money.

Re:a great idea

[ClosedGL]

I think there is a lack of skills. Many ISPs employ call centre staff that have crib sheets infront of them and if the problem isn't outlined on the sheet, then it ain't getting solved.

Re:a great idea

[Zocalo]

abuse desks are mostly staffed by the clueless

Depends on the ISP. Generally speaking mid-sized ISPs have pretty good abuse desks, mainly because they are big enough to have a decent technical team, yet small enough to not be swamped by abuse reports. That said, this kind of thing is a no brainer for the scripted response type of first line support used by large ISPs. Basically it boils down to "look for an IP in the mail headers that falls within a set of provided IPs and if present, click some widget to block outbound email from that IP". All you need then is some process to advise the customer of the problem and remove the block once the problem is resolved.

As you say, DNSBLs (non-dynamic ones anyway) have been rendered largely obsolete by the spamnets of compromised machines. There are so many of the damn things that a spammer can use an IP for a couple of days, discard it and not need to use it again for a couple of months, by which time it is probably off the DNSBLs again. This approach adopted by Telia (and Demon Internet in the UK, others?) is the only efficient way a large ISP can deal with this issue without incurring massive labour costs that I can think of.

Re:a great idea

[Keith_Beef]

There are all too many ISPs who appear to be happy to turn a blind eye to this type of activity, in spite of the fact that it costs them money.

Well, in France, many ISPs have premium rate phone numbers for the helpdesk. So, if you're on a dial-up connection, the ISP makes money hand-over-fist! First, you pay to download the spam (because the ISP doesn't block it). Then you pay for the pleasure of listening to 10 minutes of vivaldi's Four Seasons, before explaining to helpdesker No.1, who then passes you on to helpdesker No.2, who wants all the same details again... you get the picture. Finally, if you manage to get any help at all, you'll be sent an e-mail with a 650KByte MS Word attachment, with details of how to set up spam filtering *on your home computer*, so as to filter out spam *after you've downloaded it* Stupid, those ISPs? No, they have a profitable, if immoral, business model. Keith.

Re:a great idea

Hey! that's a serious offense! I work in abuse, im not clueless, just lazy!

Re:a great idea

Yup. Want a domain for your block lists? activeisp.com. The abuse guy there, who worked very well for a period was "re-assigned" after he went to the boss asking to throw off several big spammers. He told me this himself.

Re:a great idea

[gizmonic]

My guess is that part of the problem is that most abuse desks are flooded with inane crap. At least ours is. I can't tell you how many emails we get from people who forward a spam to us, and do not include full headers. I mean, they had to find the IP and track down who owned it to get the spam report to us, so how can they then forward us the spam and not include headers? Amazingly, that accounts for well over half the abuse mail we get. Then there are the people who send a message saying "Stop sending me spam" and include an IP address, followed by a copy of our ARIN netblocks, as if we didn't know who we were, and that's it. No spam, no timestamp. Nothing. Then there are the myriad of people who simply write our abuse desk with nothing more than "Please remove me from your mailing list." And it goes on and on and on like that. Of course, now that all the nice new viruses are out there, we also get a ton of "One of your users attacked me on port 135" emails. (We have port 135 blocked on our routers to keep from our users from infecting the net, but on the same NAS, they can still get to each other.) The best ones are from people who send us email claiming they are being attacked by one of our DNS servers because their firewalls are capturing logs of the DNS requests.

That's why, as I've said before, we love SpamCop. When we see a SpamCop report, we know we will have everything we need to knock someone off the network. Very seldomly have we gotten a SpamCop report on something that was not spam. As for the rest of the abuse mail? Maybe 1% or 2% have enough information to track the user, and are actual abuse issues. And usually, they were already banned from a SpamCop report.

Anyway, I've rambled on enough. But for those who don't work abuse for a large ISP, now you have a small glimpse of what the abuse mail looks like.

Re:a great idea

[AndroidCat]

An awful lot of large ISPs are undead companies. (Worldcom/MC/UUNET, etc) They bought up a lot of lesser companies and then died a few years ago. They still shamble around in Chapter 11 or such, selling body parts to maintain their un-life. (They need brains, okay?)

Because a proper abuse desk doesn't generate direct profits (it can cost them spammy customers), it's the first to get chopped when cuts happen. You can argue that in the long term, spam costs them money, but long term to them is two quarters away.

Re:a great idea

I work for an ISP, and part of my job is dealing with abuse complaints. So many people who send in complaints to us expect unrealistically that 1) the "offending" customer will be instantly and permanently disconnected, and 2) that we are mind-readers.

First, half the complaints coming in don't have enough information to actually prove anything occured. Don't bitch to me about some IP address, and then provide no information to back up your complaint. We won't disconnect one of our customers just because you don't like them -- we need evidence.

And second, realize that in most cases dealing with the problem is not instant. Unless it's something severe, we are going to give our customers a day or so to get it resolved before we resort to cutting their connection off. God forbid, these people actually pay for their connectivity, and within reason they deserve the benefit of the doubt -- wouldn't you expect your ISP to give YOU that consideration? Oh, I forgot, you are perfect and no virus has ever infected your computer, etc, etc, etc... :rolleyes:

In our ideal world, nobody abuses the net, because anyone who does is immediately removed. However, this is the real world, which is hardly ideal.

Re:a great idea

[fredklein]

Then ISP's need to add a new option to their script: "If caller complains about Spam, confirm Spam ands cancel offending account."

There. Problem solved. Sheesh.

Re:a great idea

a spammer can use an IP for a couple of days, discard it and not need to use it again for a couple of months, by which time it is probably off the DNSBLs again

SIMPLE solution- never remove an IP from your BlackList unless there is PROOF the trojan/whatever was removed. Speciffically, DO NOT remove the BL just because there has been no Spam for a few days.

Re:a great idea

Most, if not all of these can be handled with a simple auto-reply form letter thanking the user for reporting Spam, and explaining that due to excessive volume, individual reports cannot be responded to, and reports that do not have all the information (copy of Spam, full headers, etc) will not be able to be acted on. If their email does not meet the requirements, they need to re-send it. Etc, etc, etc.

Then delete anything not meeting the requirements.

So, what's the problem? Are you too dumb to set something like that up??

Re:a great idea

[Tripster]

I contract to a small cable ISP, their policy is simple, your machine is infected we drop your IP from network until such time as it is fixed. Upon further infestations by the same user they require them to install a hardware cable router/firewall solution before letting them back on the network.

We also treat those who run P2P in "supernode" mode the very same way, as a small network with 200 users they can only afford a 5mbit pipe to the net, a few guys in supernode mode and the network becomes very ugly. In essence any home user with 5000+ connections in a couple minutes gets tossed until they learn to play nice.

After the users know they rules they settle down nicely it seems, we also block the common worm ports at the headend so there is less chance of our users becoming infected in the first place.

Re:a great idea

[gizmonic]

So, what's the problem? Are you too dumb to set something like that up??

Not to respond to Anonymous Coawrds, but in case anyone else was wondering the same thing...

I don't make policy. And those that do want a human to read over all support / abuse mail. So, while an auto-responder is fine, having a script delete mail that does not meet criteria is simply not going to fly with management.

Personally, I would love to have a script that parses the mail, runs some checks to verify it is indeed spam, go through the accounting logs and find the user, and then ban them if they are not already, and respond to the complainer with the results. But, my l33t coding skillz aside :) that simply is not going to happen as management would never allow it.

Sometimes in life, you have to do things the way other people want you too.

Re:a great idea

[Valdier]

Earthlink in fact blocks computers that send spam out. In addition they are pretty helpful when it comes to letting you know/test if you have managed to stop the spam. Unfortunately in my case we couldn't find the trojan/proxie on a win2k machine and so it led to recreating the servers install.

Re:a great idea

[Alpha_Traveller]

Ahh... actually it can make them money too. I know of more than one small to mid-size ISP that purposely sets up mass mailing addresses within the mail system and sells the 'location' of the individual mail address for broadcasting within the ISP itself to spamhouses.

So have a nice day.

Re:a great idea

[bedessen]

Whaddya talkin about? This Dave Null guy seems to be employed by thousands of ISPs to handle abuse@. He must be really good at his job...

Re:a great idea

[csk_1975]

You seem to like spamcop reports and have entertained the thought of automatically banning people by parsing the spam reports you receive. This should be treated with a great deal of caution unless you want to be responsible for fiascos like this or this.

Relying upon some of the kooks who use spamcop to make the determination as to which of your users should be "killed" is not wise and I think your management has made the right decision. Certainly automating the process of sorting the complaints into wheat or chaff and cross referencing them to user accounts is worthwhile, but this should be an aid to human review and not an end in itself.

Having scripts which automatically hit the kill button is open to abuse - so it will be abused.

In a related story...

[bobdotorg]

In a related story, Microsoft sues Telia, commenting, "C'mon, it would only be a matter of time before all Outlook and IE users get banned from the net."

Re:In a related story...

It made me laugh. And it was short and well written. So fuck off.

Re:In a related story...

[rifter]

these lame "jokes" are really getting old. why don't you use the four brain cells you have left for something more productive?

It's not a joke, though Outlook is. The parent post was +5 informative in my book. :)

Re:In a related story...

You're new here, aren't you? You're supposed to be a mindless zealot, and a hater of all things Microsoft!

Holy christ man, change your behaviour or get out. Diversity is intolerable here.

Re:In a related story...

[Bunji+X]

Funny thing is that in Sweden, Telia is for ISPs, what Microsoft is for desktop operating systems in general. Abusing monopolistic power is run of the mill business practice for Telia and has been like that for the last 20 years.

Microsoft vs Telia would be a case in which I'd very much like to see both parties loose. :)

Re:In a related story...

Boy, do I disagree! The jokes are not getting old.

What is getting old, in fact, so old that it stinks real badly right now, is the fact that we can continue to make such jokes with a factual basis.

Microsoft's continued inability to design new products or fix existing ones to provide even a semblance of security is the biggest joke of all.

No, no, wait, I guess that isn't funny at all.

Good.

[clfrd]

More ISP's should do the same.

Period.

Re:Good.

[krymsin01]

It'd be a lot easier that block a user's dynamic IP. Simply suspend their account. Then you don't have to loss an IP from your pool.

Re:Good.

[You're+All+Wrong]

Telia is now "TeliaSonera", after merging with the Finnish company Sonera. This anti-spam move is not just in Sweden, it's in Finland too.

ISPs must provide a QOS in Finland, and Sonera were fined recently (last few weeks) for being unable to deliver mail as they were so bogged down with spam.

So they're not doing it for altruistic reasons, they're doing it because it costs them big-time if they don't. I'm still glad they're doing it though.

All of this was filtered from stories in the Helsingin Sanomat
via my "doesn't speak Finnish" brain, so may be not quite true.
(HS had suffered because of the Sonera e-mail problems, I remember, so they had a particular bias (anti-spam, not anti-Sonera) in
their report).

Anyway - agreed. Period.

YAW.

Re:Good.

[cybergrue]

They are. Bell Canada's ISP Sympatico has threatened to do the same, and just this morning, I got an emil from them saying "Although your computer does not appear to have a virus on it, please buy our virus scanner".
And to think, the last time my computer caught a virus, it was after their helpdesk staff advised me to turn off my firewall when connecting to the net.

Re:Good.

[Per+Wigren]

One way for an ISP to inform clueless users before shutting them down is to SNAT all outgoing port 80 connections to an informationpage saying something like "Your computer is infected by a virus and is causing problems for the rest of the network. Click here to install an antivirus program!"
A bit extreme maybe but still better than just shutting the thing down..

Re:Good.

[DavidTC]

You can even give them access to incoming email, and even shunt their SMTP into a custom mail server that lets them send email to tech support. (Or, hell, to anyone in the world...at one piece of mail every ten minutes.)

Of course, I'm in serious favor of outbound SMTP blocking in general. With the ability to have it disabled for people who know what they are doing. While trojans can still check what network they are on and spam though the right relay server, that requires custom code for each ISP and it's a hell of a lot more noticable by the ISP.

Before all you people start whining that you run Postfix behind a dynamic DSL, note I said 'the ability to have it disabled', and thus, not only can you turn it off, it's a hell of a lot more likely your entire dialup range isn't blocked somewhere because one third of the lusers on your ISP are running open proxies.

Re:Good.

[ViolentGreen]

That sounds suspiciously like a pop-up scam. A lot of people will simply ignore this message like they have been tought to do with pop-ups even if it did have the ISP logo or URL. I would be hesitant to do that as well.

Re:Good.

Sheez, I can't believe the number of Slashdotters who think this is a good thing.. The way this is going, soon we'll all have to apply for a license from some authority for every port we want to have running on our internet connected computers. I'd rather have a unregulated internet than a regulated one; and I definately don't like the idea of my ISP, or anybody else, monitoring the traffic from my home machines. Spammers, viruses, trojans etc. are a pain, but a heavily regulated internet would be a worse pain.

Btw, Telia is a big rich company; if their mail servers can't handle the load, then they should buy better machines. Either that, or maybe allow people to run smtp-s on their ADSL connected machines again in order to spread the load..

Just my 2 cents worth.. /Anders

Re:Good.

[Dawn+Falcon]

Fine. But they DO need to state it up-front. I've had massive trouble in the past with "hidden" ISP policies (not dorectly related to this, but..)

Oh, and they REALLY need to list the ports they block. One perfectly legit program was blocked and it took a me and several people at the ISP several days to find out why it wasn't working.

Once we KNEW, I recompiled the program to use another port and problem was solved.

This is a great thing

[the+man+with+the+pla]

ISP's taking some level of responsibility for the actions of their subscribers is *tremendously* important. Spam exists because of the complacency of two entities: ISPs that allow (or even sell bandwidth to) spammers to use their networks; and Microsoft, for making it so easy for computers to be enslaved by spammers (sorry I know that's flaimbait, but it's true.)

Re:This is a great thing

[it0]

Yes but it has implications, if they take action against spam, they must take action against kiddie porn, warez etc. That's still fine, however I can imagine that there are gray area's where ISP's going to screw up.

Re:This is a great thing

[dontbgay]

Yes but it has implications, if they take action against spam, they must take action against kiddie porn, warez etc.

One step at a time, my friend. One step at a time.

Re:This is a great thing

I think you might have forgotten

3) The spammers.

Why is this news?

[eddy]

Telia is mostly known for their suckage over here. They've made several false starts, including blocking SMTP completely at their border making it impossible to host ones own mail server.

I guess if they've finally given up on that idoicy and actually go after the specific hosts that are a problem -- like we in the community has said for years is the correct solution -- then I'm all for it.

Just sad that it's making news the way it is. I think the news should be that they wasted at least two years reaching this "insight"!

Would be interesting to know if this was because the suits finally listened to their techs, or if it's because the techs finally gained a clue.

Re:Why is this news?

[Drakin]

It's news because it's an ISP actually doing something useful and proper in dealing with this sort of thing.

It's unbeleiveably rare.

Re:Why is this news?

[Anime_Fan]

Telia is mostly known for their suckage over here. They've made several false starts, including blocking SMTP completely at their border making it impossible to host ones own mail server.

Yes, but bostream is no better. They make customers who want to use an email with FROM-header other than foo@*.bostream.foo setup their own SMTP-server. I preferred Telia's approach.

I don't think their press release will affect the ammount of spam in my inbox. Telia is all too clueless for that. I am however happy that I get a pretty low ammount of spam when compared to US figures. I'm down to less than one junk mail per hour and still not prepared to pipe all messages through SpamAssassin (too high false negatives due to most mail being sent in Swedish).

Still, Telia has alot to do with the ammount of incoming spam. Most of the spam that arrive in my Telia inbox doesn't even have my email in the TO-header (but has it in X-Original-To). The other types of spam I get is the ones that look like:
Received: [*Snip*] Sat, 1 Nov 2003 15:50:49 +0100 (CET)
Date: Wed, 28 May 2003 23:14:06 +0000
I hate spam I can't directly see which box it is sent to, which date it was sent or that has ASCII-art topics.

Re:Why is this news?

[BetterThanCaesar]

blocking SMTP completely

That might just have been because AOL began bouncing all e-mail from Telia -- mainly due to the same problem as they have now. What would you have done?

I think this is a good thing. it stops the relays now and those affected will notice it, call the support, and be informed of why they were cut off.

Re:Why is this news?

[Troed]

I'm down to less than one junk mail per hour and still not prepared to pipe all messages through SpamAssassin (too high false negatives due to most mail being sent in Swedish).

I've never had a mail in Swedish marked spam by SpamAssassin - the only false positives I've had (three in 6 months) were mails from mailing lists where the poster indeed had weird headers.

Re:Why is this news?

[m2uk]

Could be worse. Your neighbour country Finland has the delights of Telia Sonera to fuzz up their mail, for several weeks, and then they blame viruses. Outsource to Messagelabs then twats or similar.

Re:Why is this news?

[gizmonic]

Blocking SMTP is not idiocy. You might be inconvenienced a bit, but spammers still use throwaway accounts. They pay their first month of service, and then spam until the ISP finally catches on and shuts down the account. If it takes even 8 hours to catch them, that's millions of spams. Most of our spam reports are around 24 hours old when they reach us. That's 24 hours of constant spamming. Port 25 blocks keep them from being able to use our network to do that.

It may be a bit upsetting not to be able to run your own mailserver, but the amount of spam stopped far outweighs that inconvenience.

Disclaimer: I work for an ISP, but not Telia...

Re:Why is this news?

[Dawn+Falcon]

Fine. As long as you state it up-front.

You pick static or dynamic IP when you sign up to the ISP I use. Only if you're on the static IP do you get the ability to run your own mail server, with the big warning that they cut your net first then investigate abuse complaints.

I think that's reasonable - if you want to run a mail server, make SURE you do it right.

Re:Why is this news?

[eddy]

>Blocking SMTP is not idiocy.

Sure it is, blanket blocking, that is. I pay for an internet connection, not a "web connection".

Just block the fucking machine doing the spamming! Hard to detect one machine sending X/mails per minute? (<-- rethorical question, but feel free to plead stupidity if you want)

My work's ISP does a variation of this

[quizwedge]

We have a local ISP and we are probably his largest customer. We've had problems since he is a startup and he traced them to trojans/worms/etc. so he sent them a warning to fix their system and then when they didn't, he shut them off. It's worked very well for us, keeps the number of infections down, keeps his network up and running, and keeps people accountable for the security of their computers.

And if anyone is wondering why we're going with a startup for business, it's because the only choice between 144kbps DSL and a full T1 is this guy.

Re:My work's ISP does a variation of this

[NorwBlue]

Actually, I did not wonder why You went with a startup for business. I Used to be Head of Computing in a company that spend around 2 mill $ and when we dropped the biggest computer supplier in Norway for a small startup, guess what : We went from being a ok account in a huge company to being the biggest account in a small company (It more than trippeled its sales). We suddenly got really good service, better prices and every one we called for help/support/service bent backwards for us(when we wanted them to, wich wasn't that often*evil grin of power*) So my advice to everyone managing a net is : don't follow the big fish, but find a place where You ARE the biggest fish. A bit off topic maybe, but if everyone did the same when it came to ISP services, YOU to would have leverage if you wanted your ISP to implement something similar.

Re:My work's ISP does a variation of this

Ha! If I went some place where I was the big fish, I'd have to find a kid in a garage who was running an ISP off his parent's free cellular phone minutes on weekends. (One for incoming, one for outgoing...)

Customers are *not* unaware of it

[Jugalator]

The users blocked are notified about it, and Telia will help them sort things out. Probably by giving suggestions to clean up trojans, etc. since these are often the reason someone spam without knowing. They also only seem to block well-known, heavy duty, spammers right now, since they haven't yet implemented a spam filter, but are considering it.

So, even if the customers won't be given a time period to stop spamming, they're still not left unaware about it, as the /. news post incorrectly states.

Telia says they're also attempting to detect spam hosts much quicker than earlier, when it could take up to a week or more to shut a host on their network down, when the damage was already done.

Re:Customers are *not* unaware of it

[clfrd]

The post doesn't say the users aren't aware of it, it refers to the users being unware that they're acting as spam relays.

Re:Customers are *not* unaware of it

[Jugalator]

Sorry... Too early in the morning...

Not quite sure how I read that news post. :-) But the other parts should still be true. ;-)

Re:The GPL is a licese to Steal

[ananke]

what idiot decided to mod this up as informative?

In other news...

* Police arrest citizens who break the law
* Shools suspend students who bully
* Bouncers eject drunken louts
etc...

Re:The GPL is a licese to Steal

Umm...compiling something with gcc doesn't mean what you've compiled, and its source, falls under the GPL. You can compile non-free products with gcc.

Re:The GPL is a licese to Steal

[tintruder]

AMEN!!!

It's not an earthshaking loss to give up the Intellectual Property claim on one days work, or even a few days on a small project.

But to lose all possibility of future profit from a major project because as soon as you are done, it essentially becomes public domain is insanity.

How many Linux titles (apps, not OS) do you see on sale at your friendly neighborhood computer store?

None. Because everything ends up free to download.

Now imagine the entire software industry if this were the case. Heck, even the hardware companies would be screwed if their code was GPLd.

Profit is not evil, nor is protection of IP.

Tell the Infected Individual First

[GOPWillC]

It makes perfect sense to block off the trojan infected PCs that are sending SPAM. But I don't believe it is fair not to notify the user of said infected PC. Some of these people may have friends who have Telia email accounts, and if they're being blocked, it means they can't receive mail from them. So, while I agree with Telia's decision, they should give the courtous of notifying the individuals first.

Re:Tell the Infected Individual First

Why would you want to keep that vector connected for x number of days before discovering the owner is not acting upon it? You're saying the right (of connectivity) for the individual is outweighing the right (of not being assaulted) for the masses?

Re:Tell the Infected Individual First

[jaavaaguru]

I see nothing wrong with the customer's connection being immediately withdrawn. When they find out they either can't connect to the 'net, or just can't send e-mail, they'll call technical suport anyway, and then the ISP can easily inform them of the problem.

Also, people shouldn't choose to use technology that they don't have a good understanding of unless it's been set up properly by someone else beforehand. By that, I'm not meaning that the average member of the public shouldn't surf the Internet with their PC - one of these things should be happening:

1. They use a computer system that's been set up securely by the vendor

2. They apply all the latest security patches as soon as they're released

3. They understand about computer security and secure their system themselves.

If you own a computer connected to the Internet, then it's up to you to decide what you do with it, and what you let other people do with it.

Re:Tell the Infected Individual First

[flurdy]

I disagree.
It is not nice to be cut off without warning, but if your machine is infected or comprimised in some way then it needs to be isolated.

True, an email warning would be helpfull, but some people only read their email once a week or less. In the mean time their machine could still be on, and relaying junk all over the place.

Best cut them off and have them contact Customer Services to be reconnected. Ok they probably might want to join another company afterwards...

Or send them an physical letter.

The best solution though, would be to move suspected customers into a specific firewalled network where all ports were blocked incomming and outgoing and all that was allowed was incomming pop3/imap so they could receive the warning message?

Re:Tell the Infected Individual First

The individual WAS notified the instant that their computer was compromised by the spammer. Either they ignored the notification, or they were not technically competant enough to notice. In either case, what good would sending them an email saying "Your computer is sending spam, stop it or we'll disconnect you" do? Either they will ignore it, or they won't understand it.

When a computer is discovered sending spam, it should be disconnected from the network IMMEDIATELY and not reconnected until the problem has been fixed.

Re:Tell the Infected Individual First

I agree, we are all a part of a world wide community, and if some computers are infected they are a threat to the rest of us. And if the ISPs have the ability to shut off infected computers then i believe it should be there responsibility to do so.

When theses people find there services shut off you can bet they will be on the phone in a heart beat, much fasted then if they are emailed

Re:Tell the Infected Individual First

[Rick+the+Red]

If you own a computer connected to the Internet, then it's up to you to decide what you do with it, and what you let other people do with it.

Oh, I wish that were true. Unfortunately, your ISP decides what you can do on the internet. Some ISPs are much better than others, but most impose some restrictions.

Re:Tell the Infected Individual First

[gothzilla]

Kinda OT but your post reminded me of something I tell my customers when working on their computers.
(in the context of being in the USA)
You gotta have a license to drive, a license to cut hair, and even a license to catch a fish, but any moron can have kids or get on the internet.

You get stung, you react.

[Gubbe]

TeliaSonera is a company formed by the merger of swedish Telia and finnish Sonera. Sonera is one of the largest Internet/telecommunications providers in Finland and their e-mail systems have become a laughingstock during the last month. Reason: they don't work. There have been delays of several days in message delivery, some messages are lost entirely and their SMTP server seems to be down.
Sonera is blaming this 100% on the W32.Swen.A virus and while there is ongoing debate regarding Sonera's e-mail administrators' competency, that certainly explains why Telia is scrambling to remedy this problem in Sweden. [Un]fortunately (ignore the part in brackets if you are a privacy advocate) the Finnish legislation doesn't allow Sonera to perform the same thing as even automatic monitoring of e-mail traffic is not permitted by the communication privacy laws.

Re:You get stung, you react.

[LuckyPhil]

Sonera is one of the largest Internet/telecommunications providers in Finland and their e-mail systems have become a laughingstock during the last month. Reason: they don't work. There have been delays of several days in message delivery, some messages are lost entirely and their SMTP server seems to be down. Sonera is blaming this 100% on the W32.Swen.A virus and while there is ongoing debate regarding Sonera's e-mail administrators' competency, that certainly explains why Telia is scrambling to remedy this problem in Sweden.

That's rather interesting. Telstra in Australia also has been the laughing stock down under with email servers not working, etc. Whirlpool has the complete story if anyone is interested. Perhaps these guys got their story from the same "excuse file" as Telstra??

Re:You get stung, you react.

[weldzu]

[Un]fortunately (ignore the part in brackets if you are a privacy advocate) the Finnish legislation doesn't allow Sonera to perform the same thing as even automatic monitoring of e-mail traffic is not permitted by the communication privacy laws.

Actually, Sonera got a special permit from the Finnish communications bureau last week for scanning all emails for virii and trojans. What I wonder is, if they can't config their mail servers, can they config the scanning properly?

Another matter is that I never saw any mention on how long this permit lasts. Also, I believe that the special permit does not really remove the fact that this scanning is against the law. I may be wrong though, maybe there is a mention about special circumstances and comms bureau in the law...

Re:You get stung, you react.

[BJH]

Sunspots!!

Re:You get stung, you react.

Amazing! Telstra (Australia) made similar claims, after making other don't know claims for 3 or so weeks. Finally it was put down to a headroom problem, (Managers having plenty of room in between their ears) - or short on storage, then offered a 2 week rebate for defective service. A Carnivore in the middle could have also bitten more spam than it could chew. No full technical explanation with facts has been offered.

Re:You get stung, you react.

Virus i pluralis heter "viruses" pa engelska, din obildade finnpajsare! Det finns inget som heter "virii" pa nagot sprak.

Re:You get stung, you react.

yeah, the word is viruses, not virii.

Re:You get stung, you react.

[ajs318]

Or viri. -us -> -i. Not -ii unless the singular ended in -ius.

Good.

[Sheetrock]

Oftentimes, users don't even realize they've got trojans until there's some form of penalty. Internet access suddenly stopping, warning messages, a big red Alert, or something.

It used to be one knew they had a virus because an ambulance would fly around the screen or the computer would stop working. But given the amount of these things coming in through P2P I'm not surprised they aren't seeing all of the extra traffic on the little set of computers in the system tray.

Hopefully, the ISP will be similarly proactive in restoring access when the traffic stops. I'd hate to think somebody's dynamic IP address stops working ala Something Awful because of somebody else's bad Net habit.

Mod parent up

[Adam9]

Very true; the grandparent confused me.

Good news!

[RT+Alec]

This is certainly good news. Now their customers who are infected will figure things out pretty quickly!

Of course, this would have been easier if they just blocked egress port 25 traffic (which would not include their own SMTP server, of course!). Imagine all ISPs blocking egress port 25 traffic for their DHCP clients (e.g. most cable modem, dial-up, and DSL), and shutting off their corporate clients who spew spam! That would effectively eliminate spam, since IP addresses left still sending spam (directly or due to a trojan/virus) would quickly end up on DNSBLs.

It is irresponsible for ISPs to operate otherwise. Simple steps to be a good netizen:

• Don't use port 25 for initial mail submission. The fact that this port is used for both mail transport (between systems) and initial mail submission (which is really a different activity if you think about it) is a mistake. Use port 587 with SMTP+AUTH, or port 465 with SMTP+AUTH+SSL
• Implement one of the reverse lookups for incoming SMTP traffic (RMX or SPF:Sender) when one of the competing proposals become a standard (and your software catches up)
• Block egress port 25 traffic from your network

These apply to any businesses that supplies IP connectivity to any other computers (offices, schools, WISPs, in addition to standard ISPs). To not do so is to be a part of the problem.

Re:Good news!

[AnotherBlackHat]

Of course, this would have been easier if they just blocked egress port 25 traffic (which would not include their own SMTP server, of course!). Imagine all ISPs blocking egress port 25 traffic for their DHCP clients (e.g. most cable modem, dial-up, and DSL), and shutting off their corporate clients who spew spam! That would effectively eliminate spam, since IP addresses left still sending spam (directly or due to a trojan/virus) would quickly end up on DNSBLs.

Eliminate spam? Spare me.
Currently, less than 85% of spam comes from trojaned DHCP clients.

I'm glad that Telia opted for a more targeted approach rather than a blanket "guilty until proven innocent".

-- this is not a .sig

Re:Good news!

[maartynp]

Either that, or they blackhole them into DNS oblivion [deny DNS service to off. systems] (till the user runs patches/removal tools) Scan network intermittently (few hours) till symptoms of spamming are gone and reinstate in good DNS pool so surfing may continue. Or, block all POP, IMAP (and SMTP) traffic from all affected client computers till client fixes system(s) either way. Or send all traffic to loopback address on router (!)

Re:Good news!

[piranha(jpl)]

Imagine all ISPs blocking egress port 25 traffic for their DHCP clients ... It is irresponsible for ISPs to operate otherwise

Then they cease to be Internet Service Providers and become Interweb Service Providers. Why should "consumers" be subject to inferior Internet service? Why wouldn't/couldn't an ISP monitor egress port 25 traffic for suspicious spikes? I won't be doing business with ISPs that try pulling stunts like that.

Re:Good news!

[dmeranda]

Blocking entire ports is like using like using a sledge hammer to affix a staple. First the majority of spam email wouldn't be affected. And if you're delivering mail via some other protocol spammers will still get through. Port blocking is not really a good policy, except on an individual basis where there is proof of such activity; or in cases where the client is paying for an intentionally crippled partial Internet access.

There is nothing wrong with using port 25. And if you want to use TLS/SSL, you should still use port 25 via the well established STARTTLS extension to the SMTP protocol. There is no reason to waste additional port numbers on experimental protocols when the SMTP protocol already does all that and is fairly mature with lots of supported software.

Oh, and I for one rely on having egress port-25 traffic from my home DSL. I am not a spammer, but I am a network administrator of a large company and find it very useful to "test" my own servers from an external unrelated addresses.

Re:Good news!

[pavera]

Don't be stupid.
There are plenty of DSL and Wireless providers that allow you to run servers. I maintain about 30 such servers for small businesses. this policy would completely eliminate the ability of these businesses to economically run their own email/web servers. None of these servers send spam, they are not open relays, they are well maintained servers that deserve to be on the net, blocking them would be draconian and stupid.

Re:Good news!

Then they cease to be Internet Service Providers and become Interweb Service Providers. Why should "consumers" be subject to inferior Internet service?

so you want to be responsible and accountable for
your activities on the net. policing yourself

Why wouldn't/couldn't an ISP monitor egress port 25 traffic for suspicious spikes?

so you want your isp to be responsible for policing your connection ?
you can't have it both ways.

transparently forwarding to isps mail server
(dest_port 25 on egress)
for all machines that haven't enrolled on some
internal "I am running a mail server" list is
really the only way to go.

Re:Good news!

[skagin]

Cute similie, bit it's _wrong_. I've been an admin at two ISPs, and both blocked port 25 to all mailservers except their own. If one wanted to run one's own smtp server one was required to get explicit permission which included open relay testing. If one wanted to mail out through an alien mailserver a similar process was required. From talking over email issues with other ISP admins I learned that this is (or at least used to be) very common. Here's why

ISPs hold one another responsible for their networks. If I am hosting an open relay, connect proxy, etc. I'm going to be held accountable. I may be blocked one way or another, my ip range may be listed on someones site as hostile or exploitable, or I may get shunned in some other entirely novel manner. I'll almost certainly have to deal with annoyed phone calls and emails from other admins demanding I fix the problem.

This kind of peer pressure is really the only way we have to keep one another playing nice, and for the most part it seems to work. Most folks would be amazed at the amount of spam, viruses, and trojans which are stopped by this ersatz reputation network. Even complete wingnut vigilantes like wossname@monkeys.com occasionally are a blessing (albeit in deep disguise).

So if we can stomp on bad behaviour by blocking port 25 we'll do it. If users can't deal with a simple protocol for approving the use of other mailservers or testing out mailservers on the users' networks they can find another ISP. Most seem to understand and cooperate gladly. Those who don't can find another ISP.

Re:Good news!

[msauve]

In the US, such an action would be illegal, as are the actions of ISPs which participate in the MAPS DUL.

18 U.S.C. 1030 reads in part:

"Whoever... knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;...shall be punished as provided in subsection (c) of this section."

MAPS DUL and those who participate in it quite clearly knowingly transmit information (zone transfers of the database - zone dialups.mail-abuse.org) and commands (mail system configurations) which intentionally cause unauthorized damage to protected systems.

"[T]he term "protected computer" means a computer... which is used in interstate or foreign commerce or communications, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;" This clearly covers any computer used for Internet commerce, including eBay and many other Internet transactions, which covers just about everyone.

"The term 'damage' means any impairment to the integrity or availability of data, a program, a system, or information;" Use of the MAPS DUL clearly impairs the availability of the Internet email system and the information transferred using it.

MAPS, and it's DUL participants, are actively participating in illegal denial of service. Blocking outbound port 25 would also be illegal denial of service, as it impairs the delivery of mail to the published MX of a mail recipient.

Re:Good news!

[wowbagger]

Currently, less than 85% of spam comes from trojaned DHCP clients.

So, by your own numbers, shutting down direct-to-MX email from DHCP clients should eliminate about 85% of spam - that is a worthy target.

I say 85% because if you had real figures showing a percentage less than 85% you would have used the lower number to make your point.

Re:Good news!

[Hurga]

I've been an admin at two ISPs, and both blocked port 25 to all mailservers except their own. If one wanted to run one's own smtp server one was required to get explicit permission which included open relay testing. If one wanted to mail out through an alien mailserver a similar process was required.

That's excellent practice, but from what I've seen, far from being common. Where do you live?

More ideas how ISPs could help fighting spam:

- Hold your customers responsible for Spam sent in any case. Maybe it really isn't their fault, and this new Trojan sent it, but how can you be sure it isn't just a spammer excuse?

- Require a security deposit for opening egress port 25. If spam is being sent, the deposit is forfeit (and port 25 is closed again). This could help fighting hit-and-run spammers creating accounts with stolen CC numbers or some other fraudulent way.

Hanno

Re:Good news!

[gizmonic]

So, why don't you leave the keys in your car and the windows down everytime you park? You've got OnStar/LoJack/whatever. If you come out and the car is gone, you'll just call whoever, they'll track it down and get it back.

Not the best example, but the fact is, by the time you see a "large spike" in outbound port 25 traffic, it is too late. That's spam that just went out to the world.

Being forced to use our SMTP server if you are on our network is not such a big deal. Besides, we voluntarily submit our dial-up IPs to blacklists. So, even if we didn't block port 25, your mail wouldn't get to anyone using one of those blacklists anyway.

Of course, you are free to not use our services. That is the beauty of a free market.

Re:Good news!

[sqlrob]

Require a security deposit for opening egress port 25. If spam is being sent, the deposit is forfeit (and port 25 is closed again). This could help fighting hit-and-run spammers creating accounts with stolen CC numbers or some other fraudulent way.

How does this help with accounts opened with stolen CC numbers? They already used it once to open the account, why do they care if they lose a security deposit from it?

Re:Good news!

Perhaps you've missed the bits where Congress says the industry can self regulate and is not liable for reasonable solutions that block spam?

Re:Good news!

Then they cease to be Internet Service Providers and become Interweb Service Providers.
No. At that point I would feel confident in calling them a Responsible Internet Service Provider.

Why should "consumers" be subject to inferior Internet service?
Because the average "consumer" is not an overweight linux nerd who lives in his parents' basement and likes to send mail from his own SMTP server.

Why wouldn't/couldn't an ISP monitor egress port 25 traffic for suspicious spikes?
Because an ISP has more important things to do with their time than monitor their customer's email traffic.

I won't be doing business with ISPs that try pulling stunts like that.
Good. I doubt that they would want your business anyway. I hate to be the one to hit you with the cold, uncaring baseball bat that is reality; but people who run their own mail servers are in the minority. When given a choice between blocking all SMTP traffic from cable/dsl/dial-up IP blocks, resulting in vastly less spam; and pissing off some fat linux geek, I'll take pissing you off any day.

Cheers!

Re:Good news!

[Spl0it]

I'm willing to bet against that figure you 'pulled out of thin air'. I've had a 'private' email address which I don't advertise for over 2years now and just recently I've started to receive spam. Both types of spam I'm getting are virus from infected pc's. As well both are coming in usually one-two times a day, not to mention my isp failed to provide any assitance what so ever even though most of the emails are coming from there users.

Re:Good news!

[AnotherBlackHat]

I'm willing to bet against that figure you 'pulled out of thin air'.

That 85% comes from an analysis of the addresses that hit my 400 spamtraps over the course of three months.

85% were from IPs I'd never seen before and that don't listen on port 25. It's entirely possible that they aren't DHCP clients, but they aren't open relays, or known main sleeze, and there's not a lot of other possibilities left. But there are other possibilities, hence my "less than 85%"
comment.

If you count viruses as spam, then it's a lot higher this month.

Now 400 addresses is still a small amount when measured against the total volume of spam,
and it could easily be off, but I be happy to take your bet.

-- this is not a .sig

Re:Good news!

[BSDorBSOD]

I won't be doing business with ISPs that try pulling stunts like that.

...and another clueless spammer is born. Honestly, reading the comments here is illuminating in a Jekle and Hyde sort of way. It seems everyone wants to have their cake and eat it too. Block everyone else who might send spam out - but don't stop me!

It is irresponsible to not block outgoing SMTP connections from dynamically assigned IP addresses UNLESS they are routed through the ISPs SMTP relay. That does not block ANY outgoing messages, except possibly spam, viruses, or other messages with mailcious content. Is that what you are afraid of piranha(jpl)? At the very least, it gives the ISP a much shorter time between identification and correction of compromised systems.

Re:Good news!

Well, blocking port 25 is kind of a last measure for ISP's.

Re:Good news!

"When given a choice between blocking all SMTP traffic from cable/dsl/dial-up IP blocks, resulting in vastly less spam; and pissing off some fat linux geek, I'll take pissing you off any day."

That is your choice, and a stupid one. Judging from the way you tell your side of story, I am really not afraid of your pissing me off. I actually seriously doubt that you are in a position to piss anybody off.

Background

[upside]

The Finnish side of Telia, TeliaSonera, has been in deep sh*t the last few weeks. Their email has been clogged up, apparently at least partly due to the fact that they have been listed in a few blacklists. Even the comms authority has intervened and told them to put their act together.

Trojanised PCs on broadband are the likely cause, and the block is most probably a measure designed to prevent such from happening again.

Re:Background

[BOFHelsinki]

You mean "Sonera, the Finnish side of TeliaSonera". ("Telia" is not a company any more, just a brand for the Swedish side of TeliaSonera. Not that Telia didn't somewhat get the upper hand in the merger...)

Re:Background

Sonera is taking similar actions in Finland by indentifying and shutting down internet connection to all infected computers. They also help the customers clean up and protect their computers so this wouldn't happen in the future.

They are also in the process of changing their email server software.

The problem, as I see it, is that at the moment most of the ISPs in Finland *sell* anti-virus and firewall software instead of bundling it with the modem/DSL connection. It's only 5 euros per month but that is still way too much for customers who don't even understand what kind of crap you can get by only surfing the net unprotected.

Re:Background

[upside]

I stand corrected. :) Another BOFH @ Hki

Re:Background

[BOFHelsinki]

Parent deserves a mod up!

Re:Background

[BOFHelsinki]

Kippis! :)

Re:Background

[juha0]

TeliaSonera has mostly been lying to customers. They have some huge problems with their email system, and they try to explain this in various ways. I received an email two weeks ago from a friend that is using Sonera as his ISP. It arrived two days after it was sent, and to this day I've received that same mail 21 times. That can't be explained by black lists of traffic generated by spam or viruses.

First they said it was the black lists, but the symptoms didn't match. Messages just didn't arrive, and sender was not given any feedback about it. Next they said it was spam and traffic generated mostly by Swen. Other ISPs are not facing this problem, so it seems that they just have messed up their whole system and are too ashamed to admit it.

You're seriously mistaken about GPL

[jlehtira]

You must be mistaken.

Go check the GPL FAQ at http://www.gnu.org/licenses/gpl-faq.html.

Some highlights:

Does the GPL require that source code of modified versions be posted to the public?
The GPL does not require you to release your modified version. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.

Can I use GPL-covered editors such as GNU Emacs to develop non-free programs? Can I use GPL-covered tools such as GCC to compile them?
Yes, because the copyright on the editors and tools does not cover the code you write. Using them does not place any restrictions, legally, on the license you use for your code.

Your post's a troll, and I only reply because I fear you might be truely, well, screwed on this. Don't believe FUD, find out yourself. Yeah, and your lawyers suck.

Yeah, second; ext2 doesn't need defrag. It takes care of fragmentation itself. That's why it isn't there. It's a bit awkward to have to run such tools on Windows, isn't it? I'd say you're mistaken with token ring too, but I'm not sure about that ;).

Re:You're seriously mistaken about GPL

Don't feed the trolls.

Re:You're seriously mistaken about GPL

You must be mistaken.

Every time I think I've seen the collective IQ here in Slashbork hit absolute rock-bottom biblical, astounding levels, another one of you retarded fuckers with a +600,000 UID comes along with a "truely" insightful little nugget of wisdom post and surprises the shit out of me. Mad propz. Mad propz unlimited to you indeed.

Please don't try to play GPL advocate, my man. Leave that to people who can use their brain to identify a troll before it runs up to them and kicks them in the gonads. They usually suck less at teh engrish, too.

Re:You're seriously mistaken about GPL

I think it's fair to post a correction for one reason: people may read what the troll wrote and think it true.

Now this encourages trolling, for sure. But it's different from feeding pigeons (which encourages pigeons to hang around people while they're eating). With pigeons, you can just not feed them and they go away. With mis-informing trolls, if you don't feed them, their bullshit sits archived and available for the world to read and republish forever. This is bad.

Don't feed the trolls, but slay them when they become dangerous. That was a very good troll, and we should have a repository of troll-responses to post for each one like it.

Re:You're seriously mistaken about GPL

Slasdork is full of FUD-saturated and misinformed posts about "M$" and every other conceivable topic that fans the zealot flames around here, promptly modded to +5 and archived away as an everlasting tribute to groupthink stupidity. I don't see you worrying about that specifically, so spare me the rationalizations.

Re:The GPL is a licese to Steal

Hej Troll!

the GPL protects IP.
There is nothing unlegal to download someone's IP as long as its owner want to give it free to everybody.
The only ones who complain are the ones who can't steal this IP for their own non-free softwares. Thanks GPL.

Workable Solution???

[tintruder]

Instead of shutting them off, how about redirecting all internet activity of the victim/perpetrator to a static web page they must repeatedly click to bypass?

For most users this would be adequate notification and encouragement to fix the problem.

Re:Workable Solution???

[jhunsake]

internet activity of the victim/perpetrator to a static web page

Repeat after me: the internet is not the www and vice-versa

Re:Workable Solution???

[gnu-generation-one]

"Repeat after me: the internet is not the www and vice-versa"

You don't work for Verisign do you?

Re:The GPL is a licese to Steal

[geekoid]

they would go the way of the scribe.
big deal. Do You relize how much money non it corporation would save if they didn't have to write the same damn database interface? Wouldn't it be great when you needed to acess the registry, you could fnd a pice of code, and just integrate it?
it would save many industries billions of dollars.
And they will still need developers to tweak the software for there special needs.
The only way Software development can become more like structured engineering is if all the information on how to do things is public, other wise people keep trying to figure out haw to build the same damn bridge everyday.

Profit is not evil, but controlling information that would help more people if it where open is evil... well bad.

there are companies making money with Open source.

good idea

[kaan]

This seems like a good (and almost obvious) solution. Forget blocking a Hotmail account, block the entire computer from getting net access in the first place. I like it.

Statistical analysis

of traffic can easily be used to find and stop spammers. I am amazed that all ISP are not doing this.

I wonder if

[Pingular]

Gator, (also know as Claria) is included on the list?

( score; +1, Informative)

Journal

This is news? TOS Enforcement is new?

How is this news? My local ISP has been doing this for years. It's called "enforcing terms of service" on offending accounts.

Ask Slashdot

[handy_vandal]

Okay, I know this is offtopic as hell ....

Then don't post it here -- send it (in the form of a question) to Ask Slashdot.

Re:Ask Slashdot

[stefanlasiewski]

Then don't post it here -- send it (in the form of a question) to Ask Slashdot.

Then we will never ever see the question. Or was that your intention?

Re:Ask Slashdot

[handy_vandal]

Then we will never ever see the question. Or was that your intention?

We might possibly see the question via Ask Slashdot -- isn't necessarily a dead letter office. Probably not: I assume that the editors get way more Ask Slashdot questions than they post, so it's likely that any given question won't get posted. But it could happen; and in any case, it is the appropriate way to initiate a new topic.

It's not my intention to suppress the issue. But I'm against off-topic discussion, because it dilutes the value and works against the spirit of topic-based forums such as SlashDot.

-kgj

Finland Too

[BOFHelsinki]

FWIW, this is soon likely to take place with Sonera, Finland's biggest ISP, as well.

Swedish Telia and Finnish Sonera (both stemming from the old national telephone companies, thus big players) merged into TeliaSonera last year, but still appear under the original names in the respective countries. Certainly they have a single policy on this.

And Sonera especially has lately had serious, even nation-wide trouble delivering emails, due to worms flooding the system. Actually I wonder why it was Telia that took these measures first -- I haven't read of similar trouble there. (Yeah, maybe I didn't get the email.)

Thank Heavens!!

[mharris007]

At least major ISPs are recognizing that trojans and spammers are a major issue. I wish more ISPs would maintain a blacklist of trojaned and spamming computers, that takes some of the hassle up farther upstream, so it isn't wasting my bandwidth when I recieve a crap load of spam, or trojan attacks (Code Red comes to mind).

This is a heaven sent, and more ISPs should follow suit.

WHY?

[sinserve]

Shouldn't this be "YRO" instead of "Spam"? One man's spammer is another's Information Minister.

Re:WHY?

[drinkypoo]

Maybe that's the real reason we went to war... It wasn't Weapons of Mass Destruction, it was Weapons of Mail Distribution.

ICARUS and Spammers

We've been using ICARUS to do this for a while now.

Lies, damned lies and Telia

[Dr.+q00p]

Actually, last year (2002-10-29, if I remember correctly) they closed down all SMTP traffic from DSL accounts without any type of notice. Yes, you did read that correctly. Without notice!

A lot of companies and individuals switched other companies like Bostream and Bredbandsbolaget. I don't think anyone ever regretted this. Because Telia mostly....hm, is not that good. :)

This had one amusing side effect thou. Telias customer support service used DSL and could not send any mail to their clients. Nice going...

Re:Lies, damned lies and Telia

[lordholm]

And bostreams DNS-servers (for their 512kbit service) refuse to obtain MX-records from external hosts.

Solution: use a public DNS-server.

My heros!

[trudyscousin]

Think I'll head over to my nearest IKEA store and toast these guys with a meatball. Here's to 'em!

Re:My heros!

Yeah, Telia indeed is the Ikea of ISPs. Same kind of quality aspirations :-P

(In case you don't know, Telia generally offers the kind of lousy service you'd expect from a former State owned bureau still quite perplexed at suddendly being free and out in the open... And I hope you don't own any of the cardboard assemblies known as "Ikea furniture".)

Meatballs, that's another thing. Mmmm... meatballs...

What real good will this do?

[dysprosia]

Ok, so blocking them is a good thing, sure - but what long term good will this do: a spammer will just move right along to the next ISP that doesn't give 2c about sending spam and it will continue...

Maybe if more ISPs followed suit, this would be more pleasing, but what to do with dedicated spamhausen out there?

Re:What real good will this do?

[Hittis]

Well...

I maintain a pretty large network (about 300 locations with more than 30K akademic and other users) and we have rules handling this.

If a computer is relaying spam we ask the local organisation (school for example) to fix the problem within a fixed amount of time. If the local organisation is unwilling or unable to fix the problem we will help but we can shut down the links for the local organisation completeley. If we didn't do that then we ourselves would be shut down. What I hope is that, someday, the ISPs will do the same at each other.

The clueless/ignorant ISP wont survive long if they didn't implement proactive rules for handling abuse.

If the peer process worked then this wouldn't be a problem but more often than not the end user gets to carry the blame.

I Don't care if an ISP is the largest in a country... Shut them down untill they rectify the problem.

Oh.. BTW. A general filtering is not a solution. It would block a market (appliances that take care of your internet service needs like mail, web and so forth) and make it a "HTTP" only network.

I am all for Telias new rule. It will work (I must think like that unless I wan't to go postal :) )

Re:What real good will this do?

[You're+All+Wrong]

It means that all the customers of that ISP can sit back and know that they won't have their netblocks blacklisted.
Cornering them is the next best thing to actually purging the net of them.

YAW.

We used to do this at DirecTV Broadband

When I worked for DTV BB DSL we'd cut off the access of our customers that were spamming/had trojans or were mass scanning the network. We'd send a email to thier contact address to let them know. (I'm not sure how we expected them to check.) Usually they'd call us to ask why thier service was off and then get transfered to abuse.

On the otherhand, we also double charged customers, charged $10/mo. extra to turn on NAT in our routers and on occasion continued to bill for months after they canceled (I saw a case of two years once.) Of course our service agreement says anything after 6 months is undisputable.

cliche!

I for one welcome our new swedish spam blocking overlords.

Re:cliche!

Imagine a Beowulf cluster of these.

Re:cliche!

Does anyone know if it is possible to fetch down a Windows box by telnetting into some port or other and typing random characters? I'd like a Revenge Daemon that would fight back at the script kiddies who keep abusing my FTP server! They stick 100Kbyte files with numeric-only names all over my write-only upload area, and it's a pain in the ass deleting them. I'd rather have something that says DON'T TOUCH and MEANS it.

Censorship.

I'm against spam, but I'm more against ISPs deciding what I can do with the service I pay for. If they decide spam is bad, how long before they decide mp3s or porn should be on the "get blocked" list? Or perhaps they'll decide to block access to certain sites like pro-NRA ones? Oh wait, Symantec has already got that covered.

Just make spam illegal and arrest the fuckers. No need to quash user rights in the process. Of course, I'm American so I have no idea what kind of freedom of speech rights you have in Sweden. Maybe you're already used to this kind of thing.

Re:Censorship.

[ioErr]

Telia's terms of use state that the customer may not use their service to send spam, and that he will have his connection terminated if he does. If someone wishes to send spam then he'll just have to find an ISP that is willing to sell him that service.

Re:Censorship.

I had a whole longish reply prepared trying to explain to our anonymous coward and the moderators who have little clue why taking infected systems off-line is not only not censorship, but a good idea.

But then I decided that this is absolutely obviouss. People who have to ask such things should not ever own a computer in the first place.

Re:Censorship.

[mst]

If they decide spam is bad, how long before they decide mp3s or porn should be on the "get blocked" list?

Many ISP:s already will block you if you try to share mp3:s etc and they get prodded by your "favourite" record association. And since that type of behavior is already taking place - desirable or not - I personally am almost happy to see one ISP now doing something more constructive with their surveillance as well by trying to stop spam, which really is bad.

But then again, I live in Sweden ;)

Re:Censorship.

"Of course, I'm American so I have no idea what kind of freedom of speech rights you have in Sweden. Maybe you're already used to this kind of thing."

Being American shouldn't be an excuse for ignorance about the rest of the world. And it certainly isn't an excuse for by default assuming that any non-US nation is just an inch away from fascism.

The Swedish freedom of speech constitution is both older and stronger than the American. Just as an example: It's *illegal* for the press to reveal their sources, even if the police comes waving their badges. Just try that one in the land of the free when FBI comes knocking on the door.

Re:Censorship.

[borius]

The Swedish freedom of speech constitution is both older and stronger than the American

Half-truth. Sweden gained freedom of speech in 1766 but it was lost in 1792, after king Gustav III repealed it.

Re:Censorship.

> Of course, I'm American so I have no idea what kind of freedom of speech rights you have in Sweden. Maybe you're already used to this kind of thing.

Why do they do it? Because they CAN! Telia (old "Televerket" = AT&T/Bell) is still a government corporation (majority shares owned by gov) that is used to bully customers around. Telia also got nicknames like "Stelia" and "Felia" (Stiff-ia and Flaw-ia) because of their "customer friendlyness".

I really think that something like this need to be done, a warning goes out (in writing, not everyone use the mail provided by ISP) - if ignored, they pull the plug.

It seems it's a good move, i dont know to endorse it or to scream CENSORSHIP! Spam is on it's way to become illegal over here after EU voted spammers of the planet a few months ago.

Re:Censorship.

I love the new spam laws in the UK

from http://news.bbc.co.uk/1/hi/technology/3131252.stm

From 11 December, it will be illegal for UK companies to send junk messages to individuals unless they are already a customer or have given their permission. If they break the law they could be fined 5,000

So business 2 business spam is okay, or individuals can spam other individuals - okay then....

European Legislation to combat it has come into effect this month to block it, http://news.bbc.co.uk/1/hi/business/3068627.stm but as usual it seams to be haphazarard across the EU with different rules in different countries.

Re:Censorship.

[jonbryce]

The European parliament has voted to make spam illegal. It will become a criminal offence to send spam in the UK from 11th December, subject to a long list of exceptions. I suspect other EU countries will implement the directive around the same time.

Sweden?

[LadyLucky]

Why not try a holiday in Sweden this year?

Re:Sweden?

[Detritus]

See the loveli lakes

The wonderful telephone system

And mani interesting furry animals

Re:Sweden?

and freeze, fight some polarbears, meet some blondbabes to have fun with ^_^

Re:Sweden?

But remember to take your own beer...

Re:Sweden?

Oh so true:
1) Swedish beer tastes like #!&
2) Sweden has _really_ high alcohol taxes

Re:Sweden?

And theyre ignorant, rude, downright nazi tendancies and too nationlistic to the point its offensive.

Dont trust them.
Expect to be called Javla Engelskman or Nolla or dumb or Idiot and thought of as drunk

I say take yer money elsewhere and spend it. Dont give it to them.

Re:Sweden?

"And mani interesting furry animals"
Actually, the beavers in Sweden are mostly quite well groomed.

Re:Sweden?

Yeah, and don't get caught having a chuff on a joint either. Sweden treats pot as bad as heroin. My guess is that this probably had the desired effect, i.e. fewer kids skinning up; but with the unwanted side effect of more kids jacking up, because you may as well hang for a sheep as for a lamb.

Re:Sweden?

[fiannaFailMan]

...and hot, tall blonde chicks.

Re:Sweden?

[Cygnus78]

You haven't been to Norway, have you ?

Take the expensive Swedish beer prices and multiply by almost 3.

Sorry?

[Dr.+q00p]

The way I see it, Bostream takes a very simple approach to mail. Either you set up your own SMTP-server or you buy an e-mail account from them. If you buy an e-mail account from them, why should you be able to set the "MAIL FROM"-header?

Honestly, I am curious.

Re:Sorry?

[innocent_white_lamb]

If you buy an e-mail account from them, why should you be able to set the "MAIL FROM"-header?

Because the mere fact that you choose to purchase an email account from one provider doesn't mean that you choose to abandon any and all other email accounts that you may have for various purposes, perhaps.

I may have an email account for responding to work-related email and another for personal messages, for one example.

Re:Sorry?

[Dr.+q00p]

Yes, but if I was Bostream and you have "licensed" the right to use the address somebody@bostrem.com, why should I let you send any other mail via my SMTP-server?

Re:Sorry?

[Anime_Fan]

If you buy an e-mail account from them, why should you be able to set the "MAIL FROM"-header?

When signing up for their $2.5/mo mail service, one of the main features advertised is being able to send mail. However, they do in fact require you to set the FROM header to your new mail account.

This sucks big time because:
1. I didn't want to spend 4 minutes configuring Postfix to send my mail.
2. When I informed them of the problem they sent me a Win32 MTA (despite the fact that I said I was using Linux).
3. I didn't want to use the new mail account (I have an own domain that gives me shorter mail adresses than their domain name).
4. I already pay $1/mo for a 100MB mail account.

b-one, which I use for my mail won't let me use their SMTP for things other than PHP scripts (beacause, they say: The ISP is supposed to relay mail, in order to reduce the spamload). Telia locks their SMTP servers to allow outgoing mail only from *.telia.com. Bostream does this for their premium accounts as well, but their standard ADSL service is using a very dynamic IP (*.bredband.skanova.com, which it shares with other ISPs). Thus they can't use an IP range to allow outgoing mail (if you want, you can check this page to see how many IP updates I've had. I've had zero downtime until sometime Thursday last week, but I've had _many_ different IPs.

They really wanted me to be able to send my mail with their server, as that was the way it was intended to be used, and it's not really their fault. It's just that a monopoly (Telia) sucks.elia is, in this regard, a much better ISP. This is much due to the fact that they own skanova (which means the other ISPs bite the dust).

And now for your actual question: Why should I be able to set my FROM-header? Simple: In Sweden, you may get a wide range of mail-adresses, none of which you have an SMTP server for. Take my student.liu.se for example. It will only relay my mail if I am on the student network. Telia will only relay if I am on their network. Bostream won't relay at all. An ISP is supposed to give you a service. And with the ammount of spam today, none other than your ISP wants to give you that service. That's why. Simple as that.

Re:Sorry?

[Dr.+q00p]

As always, I am confused. If you have your own domain and run your own mail server (Postfix), why do you need a mail account with Bostream? Why not relay all mail (regardless of domain) from your own server?

Re:Sorry?

[schon]

why do you need a mail account with Bostream?

If you read his email, he's saying exactly that - he DOESN'T WANT OR NEED a mail account with Bostream.

Why not relay all mail (regardless of domain) from your own server?

Maybe because "his own server" (like the University account he mentioned) won't relay for him when he's not connected to it's network, and (since it's a university server) he doesn't have the authority or ability to change it.

Re:Sorry?

[Dr.+q00p]

If you read his email, he's saying exactly that - he DOESN'T WANT OR NEED a mail account with Bostream.

No, sorry, I did not read his email. I did read his /. post though. Did you? If he "DOESN'T WANT OR NEED a mail account with Bostream" why did he order one, for $2.5 a month? Maybe you should read his post.

Maybe because "his own server" (like the University account he mentioned) won't relay for him when he's not connected to it's network, and (since it's a university server) he doesn't have the authority or ability to change it.

Well wiseguy, we are talking Bostream now, an ISP. I so happens that I have Bostream as well, and there is absolutely nothing stopping me from relaying through my own server. I have done so for over a year now.

Please come back when you know what you are talking about.

Re:Sorry?

[Anime_Fan]

No, sorry, I did not read his email. I did read his /. post though. Did you? If he "DOESN'T WANT OR NEED a mail account with Bostream" why did he order one, for $2.5 a month? Maybe you should read his post.

Let's sum this up: I needed an SMTP server. Bostream didn't provide one. So I run my own server.
As compared to the *better* thing: Bostream doesn't allow me to have an own SMTP, but relay all the mail I want.

trojans...

[jlemmerer]

there might be a little problem with the immediate cutting of the line: how do i get rid of the trojan without internet connection (e.g. to download a path or tool form symantec). it would be better to leave at least one port open for these reasons, and if the computer is clean again the customer can call the isp to be fully able to access the net again.

Re:trojans...

[Alkonaut]

They simply assume that you call support to ask why your connection has been cut. Support will provide the information necessary to clean away any trojans etc. I think it would be a better idea to restrict all connections to a page with cleaning instructions instead.

Leper VLAN

[Detritus]

Some Universities have an interesting way of solving the problem. Infected systems are switched to a VLAN that restricts them to accessing a web site that contains information, software and patches on how to clean up their computer.

What should have been done?

[Dr.+q00p]

Maybe they should have blocked the ones sending out SPAM, instead of everybody! Do you honestly think that innocent companies and individuals should be punished? Oh, and without notice by the way.

Re:What should have been done?

[rifter]

Maybe they should have blocked the ones sending out SPAM, instead of everybody! Do you honestly think that innocent companies and individuals should be punished? Oh, and without notice by the way.

The ISP is not innocent; it is their job to enforce policies and to be a good citizen on the net. Unfortunately to block an ISP you do block customers by extension, but this is the only way to get ISPs to do something.

Read before writing

You do not have to publish your changes if the product is for internal use. If you make these modifications for a client you have to give the sources to that client. Binaries compiled with GCC are specifically excluded from being defined as derivative work and therefore not subject to the GPL as long as they don't contain GPLed code from other sources. If your lawyers failed to note this you should consider getting new ones.

BTW, GPL stands for "General Public License", not "GNU Protective License".

Microsoft's "Shared Source" prevents you from using it for any commercial purpose. The GPL does not include any limitations about the purpose for which the code is used. GPLed code is legally used around the world for revenue-generating activities totalling billions of dollars. Violation of copyright law by distributing derivative works of copyrighted material without complying with the accompanying license is not one of them.

Your use of strong language such as as "theft" and "draconian" suggests your view of the issues is distorted by strong negative feelings.

Any hard feelings you might have about Linux are purely a result of your "surprise", resulting from your failure to read and understand a short document before commiting to invest time and money in a project. They cannot be reasonably attributed to any property of the Linux system or any deed of the contributors to Linux.

You are invited to review the GPL and your feelings.

Consider the facts; consider the whois information

Hey you might get the idea of who these guys are from that domain whois information..

I wonder what people would do with the info once they have it.

Re:Consider the facts; consider the jihad

It's quite interesting, this. They've obviously put a lot of work into this. The bait and switch mirror tool is especially amusing, reminds me of the stuff i used to put on mongfish.com.

A tad overobsessive though .. pranking for laughs is jolly good fun, but this formalisation smacks of a deep hatred, which is probably unsound.

Excellent

[AchmedHabib]

Over a period of 4 days, I got 2000+ virus mails from a dsl user in Norway, it would have been very annoing if it wasn't because the virus faked the from field, and my mail server rejected it due to the wrong domain of the sender.
Anyway, the ended shutting down their line at some point, and I guess that people with less strict configured mail servers got really annoyed.

Pro or Reactive?

[flurdy]

So will the be Proactive or just Reactive?

Will the ISP just act when contacted by others or will they actively scan their network for Virus and Spam related request?

If I ran an ISP...

[Alioth]

If I ran a broadband ISP:

1. All users would get a static IP (since there's an expectation that they are always on, there's no point in NOT doing so. In the dialup days you'd have fewer IP addresses than customers, for broadband you can't really do that). Customers having static IPs would make abuse much easier to trace.
2. The initial sign-up would say "Would you like to be protected by our firewall?" with the default option set to YES. The vast majority of normal home users would get some default level of security (known troublesome services, including outbound port 25 filtered, and incoming CIFS filtered etc, plus all Microsoft executables for their ISP email address rejected automatically). People who select NO to this option will be warned of the dangers of doing so, but will have no filtering at all applied to their accounts.
3. A system such as Snort would be run analysing incoming/outgoing traffic and looking for trouble. If a user is trojaned and sending out crap, they get the plug pulled.

Re:If I ran an ISP...

[houghi]

All users would get a static IP (since there's an expectation that they are always on, there's no point in NOT doing so

In Belgium there is a reason not to do so. A commercial one. If you want a fixed IP, you will have to take a more expensive account.

Re:If I ran an ISP...

[You're+All+Wrong]

3 might make you a publisher in some coutries, and therefore responsible for all content that you serve, such as kiddie-pron and illegal MP3s.

YAW

Re:If I ran an ISP...

[cdn-programmer]

Yes... this is a very good idea... so why aren't you the president of an ISP? Get your butt in gear my friend because the NET needs you to lead the way!

As for the "commercial" reason in belgium cited in another reply... the reason for statics not being viable is that they cost more...

Well, that is a concocted abuse of the system.

How would you like it if every time you picked up your cell phone the telco injected a new telephone number? This would allow you to make outgoing calls. If you want to receive calls? Well - get a more expensive account.

That is about the state of affairs with regard to DHCP and the net. IF you want to run a server... you get to pay more even though servers provide the content of the net and thus provide a service to the industry.

Its just one of those aberations that we get in the peering verses client arrangements in the telecommunications industry.

You can read more about these issues here: paper from Telstra on the peering vs client problem at ISCO.org

Ok... back on the topic... Kudo's for Telia!

Re:If I ran an ISP...

[Alioth]

It's a pretty flawed reason, too, IMHO. Trying to milk extra money for static IP addresses means it costs them more to run their abuse department - and there's probably a vanishingly small market of people who would pay extra just for a static IP (I suspect in .be that static IP gets bundled with other 'business' services, like different contention, and cannot be unbundled)

Re:If I ran an ISP...

[Alioth]

Yes... this is a very good idea... so why aren't you the president of an ISP

The market is saturated. I live on an island whose population is 76,000 and we have not one, but FOUR ISPs already. (One ISP only caters for business though). The wires are sold by a monopoly telco, Manx Telecom (they sell ADSL wholesale to the ISPs).

However, one of the ISPs (Domicilium) has just been granted a license to use the fixed base wireless system to provide 5Mbit/s connectivity, competing with MT's wires. They haven't settled on pricing yet, but IF the price is right, I may run a "community ISP" - incoroporate as a non-profit, get a 5Mbit/s link, then share it amongst my neighbourhood via cat5e wiring on my side of the street, and some breed of 802.11x for others in range.

We'll see what happens.

Re:If I ran an ISP...

[The+Creator]

3. Well whatever your exuse you can tell it to the judge.

True every isp should do it

[idsCypher]

well this is a good choice from a isp.

Nice try ...

[foobsr]

... but: ... Telia will block are primarily those that have been infected with "trojans" which are being used, without the customer's knowledge ...

would read better like ... Telia is helping customers who are infected to get rid and be more aware of ...

Telia will learn that.

CC.

I don't get any spam? Why??

I am not going to post my email address, but I can say with pride I get 0 Spam mails.

I used to have an earthlink account (before the spaminator) and I know what it is like to be spammed to death.

But my mail account gets none? My mother started a new account and gets two viagra mails a day.

The only thing I can think of, apart from being cautious where I put the email address, maybe the size of it (14 characters for the first part before the @).

It is strange, but good. :)

Re:I don't get any spam? Why??

[Dunark]

I have Earthlink, and they allow me to create and destroy email addresses via their support website. I made a half-dozen new addresses that are all 15-character random strings, and none of those new addys gets any spam at all. If one of them ever starts getting spam, I'll delete it and create a new one to take it's place.

My original email address (dating back to 1995) gets spammed mercilessly, but I don't use it anymore.

Am I on the list?

[irabinovitch]

I hope they plan on making a list of blocked IPs available and make it easy to get off the list as well. I wonder if they plan to block all traffic to/from those hosts or just SMTP.

Not so gray an area

[87C751]

if they take action against spam, they must take action against kiddie porn, warez etc.

Not necessarily. My ISP (Fuze) recently started blocking outbound port 25 connections unless directed to their SMTP server. Shortly after that, I heated up an older box I have, which used to be the house mailserver. Of course, there was some traffic stuck in its mail queue, which it tried to send. Fuze suspended my service (reported with a web page shown when I tried to go out on the web) until I called the helpdesk. They did this purely based on the appearance of the traffic, and not on the content.

The conversation with the helpdesk guy was kinda amusing, though.

HDG: "Are you familiar with a program called Zone Alarm?"

Me: "Sure. Are you familiar with the SMC Barricade router?"

Re:Why is this news? (major OT)

[1lus10n]

this has nothing to do with the topic at hand, I just clicked through to your website (and although I cant read swedish...) I must say I enjoyed the bush resume`, and rigging the election thing as well. highly amusing stuff.

I also didnt know there were so many Swedish folks on /. , it being so american-centric.

What about all other viruses?

[the_arrow]

I checked the stats for my web-site just the other day, and noticed that I still get a lot of requests for things like /scripts/..%255c../winnt/system32/cmd.exe and /default.ida?XXXX...
Most of them comming from hosts on the Telia network. While I think its good they are finally doing something good for once (I left Telia when they blocked SMTP), will they do anything about all these Code Red and Nimda and all other old viri still on many of their customers systems?

Re:What about all other viruses?

RTFA you moron!

Re:What about all other viruses?

Interesting fact: Viri means men in Latin.

The plural for virus is viruses.

Re:What about all other viruses?

[Nonillion]

I still get these along with code red attempts. But the most annoying thing is that my e-mail address is being used to propagate this stupid Microsoft update e-mail virus. I have had to resort to blocking hundreds of domains to keep it to a trickle, but I still reject upto 50 or more a day. It's REALLY getting old

Re:The GPL is a licese to Steal

[ajs318]

Not sharing your source code with others is theft, pure and simple. See sig. So how can something which enforces sharing be encouraging theft?

block the hosting ISPs, not the spam source

[geoff+lane]

Most spam source is spoofed in some manner, but equally most spam has a real URL or email address for the gulible to contact the spammer.

If you are going to block anybody, block the ISPs that host the web sites and email reply addresses for the spammers - AND LET EVERYBODY KNOW in any error messages you issue. Blocking the real or apparent source of the spam itself is ineffective in the long run.

Re:block the hosting ISPs, not the spam source

[Dunark]

If you are going to block anybody, block the ISPs that host the web sites and email reply addresses for the spammers

The spammers have already thought of that. One thing they do to counter it is to have to URL point to a trojaned PC, and to change the DNS every few minutes to rotate through a large pool of such owned machines.

I'll buy that...

[Nijika]

Seriously, for e-mail administrators it's been like one new variant a week since about oh I dunno, JULY. Most ISPs these days can handle the amount of UCE that's sent through thier systems, but some just barely. Tack on these viruses and you can easily see your e-mail jump four fold. Add to that queueing of messages that are "undeliverable" and your systems, no matter how big, start to falter.

In these instances filters like SpamAssasin may even add to the problem since they often consume more overhead than even SMTP daemons do, so that usually goes out the window as well (It's great, but not on a large scale (perl)). It's better to just let the mail pass than to slow it down like that.

So in theory, let's say you have a mid sized ISP with 6 SMTP relays. You can't run an anti-spam service directly on those boxes because the volume would kill them, so you have to break them off on to their own box. Suddenly you've got 10 or 12 boxes to care for, and when you've got something like this where you have maybe let's say 10,000 customers on your core network infected, more perhaps, things get really ugly. So even if you have that anti-spam monitor broken off on to it's own cluster, you can either leave the filtering up to some vague RegEx rules in your SMTP configuration or you can pass it through the anti-spam devices, causing each peice of e-mail to pass through your system twice, making 3 to 4 connections each.

I'm responsible for a fairly large e-mail system, but not nearly the size of any mid to large scale ISP and it's gotten pretty hairy, I can't even imagine what it's like at a Telia or RoadRunner for that matter. People keep forgetting to look at WHY this is happening, other than MS and hapless users. The SMTP protocol allows it all. Want to find a solution? We need to start moving to something else, as painful as that may be.

Re:I'll buy that...

[42forty-two42]

In these instances filters like SpamAssasin may even add to the problem since they often consume more overhead than even SMTP daemons do, so that usually goes out the window as well (It's great, but not on a large scale (perl)).

I want a Ponie.

Re:The GPL is a licese to Steal

[Interfacer]

>>Wouldn't it be great when you needed to acess the registry, you could fnd a pice of code, and just integrate it?

you can do this already. it is called an SDK, and it is installed with Visual Studio.

Clueless?

[Dr.+q00p]

Chain of events:

1. The ISP AOL begins bouncing all e-mail from the ISP Telia due to large amounts of SPAM from some of Telias DSL customers.

2. Telia blocks all of their DSL customers (companies and individuals) outgoing SMTP (port 25) traffic.

3. eddy states (correctly) that: Telia is mostly known for their suckage over here. They've made several false starts, including blocking SMTP completely at their border making it impossible to host ones own mail server.

4. BetterThanCaesar asks (regarding Telias SMTP blocking): What would you have done?

5. I answer: Maybe they (clarification for the clueless: "they" is a reference to the ISP Telia) should have blocked the ones sending out SPAM, instead of everybody! Do you honestly think that innocent companies (another clarification for the clueless: these "companies" are customers of Telia) and individuals should be punished? Oh, and without notice by the way.

6. You claim that: The ISP is not innocent; it is their job to enforce policies and to be a good citizen on the net. Unfortunately to block an ISP you do block customers by extension, but this is the only way to get ISPs to do something.

7. We conclude that you are clueless, and apparently /. as well since you been modded to a score of 2....eh, hmmm....well I guess we knew the last bit, but I expected more from you.

Re:Clueless?

[GreyPoopon]

Maybe they (clarification for the clueless: "they" is a reference to the ISP Telia) should have blocked the ones sending out SPAM, instead of everybody!

I hate to tell you doc, but based on context, the reference to "they" could have easily been interpreted as AOL -- even if Telia makes more sense. The followup response about the ISP not being innocent was in reference to Telia with the assumption that your previous reference to "they" meant AOL.

Re:Clueless?

[rifter]

"Maybe they (clarification for the clueless: "they" is a reference to the ISP Telia) should have blocked the ones sending out SPAM, instead of everybody!"

I hate to tell you doc, but based on context, the reference to "they" could have easily been interpreted as AOL -- even if Telia makes more sense. The followup response about the ISP not being innocent was in reference to Telia with the assumption that your previous reference to "they" meant AOL.

That is how I interpreted it, indeed. You have to be careful with vagaries like they. You could mean anything. Even the amorphous "they" that is responsible for world conspiracies, windows backdoors, and all the missing pencils. Or you could mean the underpants gnomes. I chose to interpret "they" in this context as meaning AOL. really! :)

Or people who aren't allowed to help...

[Channard]

I used to work at a computer helpdesk dealing with customers (I'm thankfully working at a better one now), and we had no incentive to fix problems. We were pressured to get a certain number of calls dealt with - so if we fobbed off a customer with crap, we'd look good. If on the other hand we genuinely tried to fix a problem, seeing it through to the end, we'd get a happier customer, but moaned at by management. The problem is not just cluelesness - I often had the tech knowhow to fix problems - but that it's volume of calls not fix rates that count.

Education Of Hacking With Geolgautz

Hello
Someone here have a form procesor .pl
I want to pay this form procesor
For More Question Please e-mail me :
Geolgautz@ebay-hackers.com
Thanks!

Telia

[vonFinkelstien]

I am still miffed at Telia for sending me a cease and desist order when their random snooping of the net traffic revealed that I was downloading an episode of the Simpsons (I have no TV, so I relied on p2p for my Simpsons fix).

I know I was doing something against their policy and against the law (maybe). But it still miffed me that they were looking at what their customers were down/up loading.

Re:Telia

[swordgeek]

So let me get this straight.

You were knowingly breaking your contract with them and likely the law, and when they used the part of their contract that says "we can monitor you to our hearts content" to prove it, they told you to stop it. That's all they did? And you're MIFFED at them for this??!!
They could have cut your service and passed your name to the police to possibly make a test case of you. Count yourself lucky that they were so forgiving.

Re:Telia

[vonFinkelstien]

I did not know it was against their contract (who reads such things), but that did not miff me. What miffed me was that look to see what is being downloaded viewed by users.

That is an invasion of privacy.

Re:Telia

[swordgeek]

Um...no. Sorry, you're wrong.

There is no invasion of privacy here, because Telia explicitly denied (in the contract that you're too damned lazy to read--that doesn't remove your responsibility to be held by it) and guarantee or expectation of privacy. If you thought otherwise, then it was because you deluded yourself, despite fair and reasonable attempts by Telia (the other party to the contract) to make their authority clear to you.

I don't like contracts like this, but if you agree to one, then you've got NO ONE at all to blame but yourself. In other words, it's your own damned fault.

Re:Telia

Fucking whiner! Buy a TV and quit blaming everyone else for your fuckups!

Re:Telia

[vonFinkelstien]

Your sternness seems a little misplaced. Perhaps your English is not very good. I'll help you out a bit, since I teach English.

The key word is "miffed." According to Hyperdictionary Miff is " [n] a state of irritation or annoyance."

I was not angry with Telia. I was just miffed. I stopped all illegal downloads, as per their request. I still haven't read the ADSL contract (why bother--it is nothing about being lazy--do you read your telephone sign up contract?), but I would hazard a guess that no where does it say, "We will be doing periodic snooping of IP content."

I think I was justifiably annoyed and irritated (not angry, however).

Re:Telia

[Raccim]

Well they are not snooping the traffic. Their abusedepartment get complaints from tv/movie companies that "snoop" on Dcc, kazaa etc.... They in turn tell the isp:s that their customers is breaking the law (if you share copyrighted materiel in Sweden you are breaking the law). I have read this BS over and over again that telia is "snoopin" what their customers is sharing. They even tell you in the letter you get that the reason they know you are sharing is because some tv/movie company has found the material on some filesharing program.

The Internet

[Prince+Vegeta+SSJ4]

everybody knows This is the internet

why is this happening?

[Ffakr]

quick question..

If I'm the president of Globaldex Inc.* and a Trojan is spamming products for my company, why doesn't someone of authority (aka. Law Enforcement) come to me and ask a few questions. You know, crazy stuff like, who did I contract to send out email advertisements and such.
I'd imagine that if 1000 computers got broken into by a Trojan, and they are spamming for Globaldex, it would be reasonable to consider Glabaldex an accomplice until they were able to clear themselves.

Why exactly are prople getting away with this?

* Gloabaldex is not real BTW

Re:why is this happening?

[dq5+studios]

Recently over 300 illegal immigrants where arrested at Wal-Mart stores nationwide. Why was Wal-Mart not fined? The illegal immigrants where hired by a sub-contractor, not Wal-Mart, thus making Wal-Mart immune.
Likewise with spamming, Globaldex would simply say we sub-contracted out for advertising, we had no idea it would be spam!

Re:why is this happening?

[Cyno01]

Yes, but they could follow the trail then at least. They may not have busted Wally World, but they probably came down on the sub-contractor or whoever down the line was responsible. Follow the money, find whos responsible, fine the hell out of em.

Re:why is this happening?

Automatically cutting off companies for whom advertisements had been spammed would be even worse.

I am a (hypothetical) competitor for Globaldex.
(1) Post spam for Globaldex's products.
(2) Watch Globaldex get netbanned (or the feds come a-visitin')
(3) Watch Globaldex manage to convince people that it wasn't them who did it.
(4) Repeat from step 1.

Guilty until proven innocent doesn't work for this. Variations on the above tactic are already used to make people's life hell (for example, faked postings fishing for child porn).

Unfortunately this does mean that it's difficult to find and punish those who really *do* originate spam. The question is how many legitimate businesses you are willing to have fail in the process of blocking the spamming scumbags. More than zero? OK, what if yours is the business that fails?

Re:why is this happening?

[Ffakr]

My point was, when you start an investigation like this, you have to start with Globaldex.
Hey, Globaldex is spamming people from a trojan on their machines. Computer laws can be tough... DOJ says we're hauling you into court unless you have someone you'd like to tell us about.
Gloabldex knows who they hired to spam.
It doesn't matter if Glabaldex get's slammed, as long as the real criminals get identified.

As for competitors doing this in the name of Globaldex, well that'd be like framing someone for murder wouldn't it? It sucks, but the cops go after the person who looks guilty. If everything works right, the facts lead to the real source.

Spammers and breakin the law

[djdavetrouble]

Ok, so spam and email are still largely unregulated. In the past months, we have witnessed such tactics as trojans that send spam, trojans that ddos anti spam sites, not to mention the blatant header forging, joe-jobs, etc...

This blatantly criminal behavior upsets me much more than unsolicited email. The line has been crossed from sending spam to criminal hacking of innocent people's computers. I am not sure what the solution is, but this type of thing is not tolerated in other communication types, such as mail or the telephone. Spam has been a problem for at least 10 years now, and I know that the wheels of beauracracy turn slowly, but a nuisance has become a criminal enterprise with no ethics or limits...

Servers on a DSL line

[RT+Alec]

I have many clients on DSL lines, too. They have arrainged with their ISP for a static IP address, and the ISP pretty much lets them do whatever they want to. Any malicious activity, and they know where to find them.

Videotron does it, too...

[pruneau]

Well, It did not happen to me, but I had from a reliable source that videotron (my own ISP as well) started blocking computer infected with some most popular worms/trojan.

I do not know how they do the detection part, but one of my colleagues came for advice on how to clean/up secure his own PC, because it was shut down from the network.

Their method is really simple:

• John Doe machine is infected
• It is shut down from the network
• John Doe calls to investigate what's wrong
• Get an explanation, is reconnected to allow him to download some anti-virus/pers. FW, etc...
• Everybody is happy

I like this attitude, because even if it does not prevent on-purpose spam, it at least prevent unknowable people to spread nastywares. The only problem beeing that the help desk should point to the IPS URL where they explain how to secure your machine. I hope they will get it right...

Only thing that works...

[gweihir]

... is to kick those of the 'net, that are not capable of administrating their box. In my opinion that should actually be required by law.

Vastly less spam?

[Convergence]

This is exactly like the arguments that those who are willing to give up freedom in exchange seldom get either.

I doubt spam will increase much if at all. And now we have ISP mailservers --- or should we say ISP spy&censorship boxes that are the middlemen in all email.

The next time a law says that 'ISPs shall monitor their users for subversive material', its as easy as installing a program.

Use of port 25

[RT+Alec]

There is something wrong with using port 25 for initial mail submission. Submitting a mail message by an end user is a different activity then two SMTP servers transmitting mail to each other.

Initial mail submission is a potential security violation, and certain restraints on relaying mail are important. Here is where SSL and SMTP+AUTH make sense. The user submits the mail, and then can forget about it-- the SMTP server will now handle the rest, including queuing the message in case the remote MX host is down, etc.

Mail transport is between two SMTP servers. MX hosts are looked up, and each tried in a specified order until the message is delivered to an appropriate recieving SMTP server. In some cases, the message is queued for hours or days.

These are different activities, and ought to be handled as such. That is why the alternate ports are used for initial mail submission. While it is true that STARTTLS will work over port 25, it is a disservice to the users of that mail server to configure it that way. What about remote users who's ISP is (responsibly) blocking port 25? Or, as another poster pointed out, silently relaying all outgoing port 25 traffic to their own server? The alternate ports solve this problem quite well.

Re:Use of port 25

[dmeranda]

So if an ISP were truely responsible then they should be blocking port 80 too, huh? Think of all the abuse that goes over port 80!

Yes, I will grant that mail transport and mail submission are two separate tasks. That is why sendmail for instance isolates each activity with separate processes and even security barriers (user/group permissions, etc.). But just because it's two tasks doesn't mean my own computer is incapable of doing both or that I must be forced to allow my ISP to handle one half of it (that would make them an ASP). The main functional difference is that submission is basically an interactive activity whereas transmission is anything but interactive; it's not about preventing me from being responsible for my own email.

However that is not an argument for disallowing SMTP (port 25). In fact one of the strengths of SMTP is its queuing ability...so ideally my mail reader (MUA) would use a mail submission protocol to insert my message into the queue of my MTA running on the same box (or perhaps one amongst my home network). Then my MTA (e.g., sendmail) can sit there happily trying to deliver my mail.

Now if an ISP wants to run an SMTP server for me and I don't mind giving up control of my email, thats an extra service that some may be willing to pay for. Or if an ISP wants to monitor my network usage and block on a case-by-case basis because of abuse then that's being responsible. But blindly disabling the Internet for everybody makes them an INSP (Internet NON-Service Provider).

As far as STARTTLS, it would be a disservice not to configure your SMTP server to use it. Since when is adding security considered a bad thing? Everybody in /. is always griping about how insecure SMTP (supposedly) is, but then turn around and ignore all the features it has.

And furthermore, the primary difficult of preventing spam is identification and authentication of the sender...not of disabling an entire network protocol and substituting another one. Authentication relies on identifying people, and usually involves a complex PKI system which nobody can figure out how to do (think Verisign here), or a haphazard trust-based model like PGP which doesn't scale well. And other experimental protocols do not change that fact. And no, alternative protocols like SMTP+AUTH are not solutions.

SMTP servers

[RT+Alec]

No need to use your ISP's servers at all. Have the admin of the mail server you wish to use configure the server to use SMTP+AUTH on a different port. Even better, use SMTP+AUTH+SSL. No blocking, the chain of responsibility is intact, everybody is happy.

Re:The GPL is a licese to Steal

[SnarfQuest]

Although we met several technical challenges along the way
(specifically, Linux's lack of Token Ring support and the fact that we
were unable to defrag its ext2 file system),


This is probably just another drooling idiot trolling, but...

Why were you trying to defrag the file system? This isn't windows! It is rare that defragging will produce any noticable result (unlike windows, where it is almost a necessity). The reason that you can't find defraggers for ext2 (they actually do exist), is that nobody ever uses them.

MicroSofts "shared source" is considered a joke around here. It lets you LOOK at SOME the code, but you must be a very large "MicroSoft" shop, and you CANNOT make any changes (like fixing bugs), or compile it, or use any of it in your own projects, or do anything useful with it, or tell anyone else about it (NDA). It's absolutely useless.

Remember when MicroSoft was saying they couldn't show the source to anyone, because it would threaten national security. Nothing has changed in the source, but now China gets to look at it. And virus attacks have jumped again.

Your main problem seems to be of the form "it isn't windows so I don't like it". Even your bogus licensing rant is wrong. You really need to talk to someone other than MicroSoft unless you want to keep looking as stupid as this post makes you look.

No, I'm New Here

[New+Here]

No, I'm New Here

Way To Go

[ajs318]

While I like the fact that my ports 20, 21 [ftp], 22 [ssh], 80 [apache], 110 [pop], 443 [apache-ssl] and 3306 [sql] are open, any others might well be too many.

I used to get many connection attempts on port 135; but not having any active daemon on it, not much happened {though invariably the far end would be listening on that port}.

I cannot think of a single reason why anybody would want to expose ports specific to a Microsoft LAN to the outside world. Sometimes I wish there was a "networthiness" test for computers like the roadworthiness test for cars.

Re:Custome tsarkon reports windows is dying

Most of the time, I hear political speeches and think "wow, you are sooooo out of date ..... get with the times already!"



In your case, I think it's more that the times will get with YOU!
And no mention of Soviet Russia either!

PLZ MOD PARENT UP

[valmont]

please mod parent way up.

'tis insanely informative

MOD PARENT DOWN

And yours was not... Do you think the moderators need the extra help?

not gonna work

Aren't most "normal" users on DHCP?
Eventually entire CIDR blocks of users will be blocked, whether or not they have trojans and are sending spam.

They get a new IP, the IP was banned because the last person who had it had trojans... they can't reach Telia...

I am not convinced that this is a very workable solution.

l8,
AC

Yes, same as the first time I said it.

Around 80% of the spam that used to get through the mail filters I have set up for my work network had been from cable/dsl/dialup IP blocks. Adding those IP blocks to the shitlist (thank the gods for blackholes.us) has all but eliminated the spam my users recieve. This has nothing to do with freedom, it has everything to do with my being more willing to piss off a minority of linux zealots than to deal with a deluge of spam. If you want to be able to send mail from your own SMTP server, fine: pay for a business-class connection that allows you to do so; rather than bitching on Slashdot about "inferior Internet service." If you don't like ISPs blocking SMTP traffic from your home connection, then shut the fuck up and *PAY* (yes that's right GNU hippies, you actually have to give people money for this) for a service that allows you to run a mailserver, instead of violating your ISP's AUP so you can be leet and send mail from home.

Re:Yes, same as the first time I said it.

I am a home user who - perfeictly legitmately given my ISP's ToS. If you block my E-mail so be it.

But, you don't have the right to whine if ..say.. you try buying something off me on ebay, and you block my E-mails. I'm not required to go out my way to contact you.

That has been a non-theoretical situation several times now, and I'm NOT kind with the negative feedback in those cases.

What about Telia commercial spammers

[dananderson]

This is not the whole story. Not all of Swedish Telia spam are "viruses." Many (most) are from commercial outfits that use Telia's services with its full knowledge. I wish they would boot them out too. Until they do, I recommend blocking these addresses (all class B, /16): 62.20, 62.107, 194.22, 195.198, 217.208, 217.209, 217.210, 217.211, 213.64, 213.64, 213.166.

These are not all of Telia's blocks but only ones I have received spam from in the past year. Put tem in your /etc/mail/access file. E.g.:

213.64 ERROR:"550 We don't accept unsolicited email from Swedish Telia spammers"

- Dan Anderson (Swedish American who hates Swedish spam as much as Asian spam)

Hopefully my ISP isn't providing an example

[CAIMLAS]

My ISP, in their infinite wisdom, has decided that blocking ICMP (as well as a bunch of other things) is the way to go. They think that providing such 'protection' services will help prevent trogans and hackers. Meanwhile, traceroute and ping do not work. Interesting, because since tehy started their lovely protection racket, the service has gone to utter shit, and I am unable to even tell -how- bad it is. Many times the latency is so bad I'm unable to ssh to remote hosts at all. The connection goes down at least 10 times a day. Etc.

Apparently, though, the ICMP protocol suite is a "business class" service. Wish I didn't sign a year long contract with them 2 months prior to this whole scenario (spurred on by blaster), when they were the best service in the area. :-/

MOD this up!

I have been asking this for a while! The companies that benefit from spamming (really, whether with trojans or NOT) are a large part of the problem!

They must be contactable to benefit from the spam and should be a clear link to whoever actually did the spamming. So why is spamming (through trojans or otherwise) still a problem?

Re:The GPL is a licese to Steal

Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to its source code released.

Dudes! You hired lawyers as incompetent as you are! Fitting punishment for both parties.

Oh that's just GREAT...

[weeboo0104]

Now where will I get all of my Swedish pr0n?

Well now,

[msauve]

it appears that you are the one to have missed something. I've given a full legal citation, let's see you do the same instead of insinuating that there are some "missed bits."

Customers don't care!

[twitter]

My brother in law told me that he did not care if others were using his computer as a DoS machine, spambot or anything like that so long as he could not tell. I was dumbfounded an otherwise reasonable person could care so little. I'd like his ISP to tell him about things like this by pulling the plug. I suspect most people are like him.

Yanking infected computers off the internet would do lots of good things for the world. It would be the fastest way to kill Microsoft and other inferior software. Nothing much will change until people have to pay for the problems they create.

A good way and a bad way.

[twitter]

Monitoring email volume is good. I'd like it if my ISP monitored activity and shut down machines that started blowing spam out. This simply makes people responsible for their computers.

The way my ISP, Cox, tried to do things is bad. They forced all trafic through their SMTP server. They had already blocked incoming mail, so you could not run a mail server on your own. The new policy keeps you from even being able to send you own mail. This sucks in many ways. The most important way it sucks is that they don't quote email that they can't deliver, not even for their business customers, nor do they provide an adequate time stamp. This leaves people clueless if a mail myseriously fails - you can't tell which of a long serries of messages with the same subject did not make it. Less obviously, it leaves you at the whim of your ISP. They can refuse to send mail to people they don't like and there's nothing you can do about it, short of exchanging shell accounts. This method makes an artificial distinction between "client" and "server" that has no place on a free internet.

So, you see, it's not so simple, not period by a long shot. I don't run shitty software that is liable to get trojans and I've never had this kind of problem. My ISP treats me like a peon and it sucks. I've been punished for other people's problems. Microsoft and Cox both sucks.

Ooh! Spam blocking!

[arothmanmusic]

Maybe they can take the AOL route on keeping out the spam... i.e. deleteing perefectly legitimate email on a regular basis without notifying the sender or intended recipient! I say again... spam removal should be the task of the end-user. Spem prevention should be the task of the ISPs. People who send spam should be kicked off their service, but those who receive it should not be penalized with an "overlord spam filter" that may or may not filter the bad stuff and may or may not let them get the good stuff. Drew

I just moved and ...

[millette]

... dicovered that my new isp is filtering port 25 to any ip other then their own. I was using my own smtp server, and couldn't send any email. A simple nmap showed me that I needed to change that piece of config. All the rest it working perfectly.

I think that's pretty reasonable thing to do for an isp, no? And what if I wanted to get around that, what shoud I do?