Slashdot Mirror


User: Zocalo

Zocalo's activity in the archive.

Stories
0
Comments
2,447
Comments · 2,447

  1. Re:Push the emails back toward the spammer on Protecting Your Small Domain from Spam Hijacking? · · Score: 3, Informative
    The beauty of setting the MX records to point at one of the spammer's servers is that it doesn't touch your bandwidth at all. The ISP generating the autoresponse resolves the MX records, gets the spammer's IP and tries to talk directly to that. Your server will stop seeing *any* email for the domain once DNS caches have expired, bounces or legitimate. Of course, if you want to continue accepting the bounces and forward them to the spammer via your MTA with the attendant resource costs, that's potentially more effective. For a start you can send the emails to the spammer's published contact addresses extracted from the spam bounces you are getting, essentially a mailbomb on their mail box instead of yours.

    Setting the MX record has no bearing on whether the email is legit or not, though; MX records are purely concerned with delivery, not dispatch. True, someone doing some investigation might notice the IPs matching and jump to the wrong conclusion, so you might want to use something like this in DNS:

    @ IN MX 10 send-bounces-back-to-spammer1
    @ IN MX 20 send-bounces-back-to-spammer2

    send-bounces-back-to-spammer1 IN A <spammer IP 1>
    send-bounces-back-to-spammer2 IN A <spammer IP 2>

    Which should make it a little clearer what's going on to anyone doing any digging.
  2. Push the emails back toward the spammer on Protecting Your Small Domain from Spam Hijacking? · · Score: 4, Interesting
    A former colleague of mine had one of her domains *seriously* Joe Jobbed like this a short while ago - thousands of bounces a day. Since the domain wasn't actually used for much she contacted the people that were using it, asking them to use an alternate domain as the obvious stop gap. Her next step was novel to say the least...

    A brief investigation of a few of the bounces revealed that the spammer was using a variety of email addresses and domains in the message as their contact point. Many of the domains shared the same mail server, which was obviously a co-lo box, so she simply pointed all of the MX records for her domain towards the spammer's primary email server. Unfortunately it wasn't misconfigured to actually accept the bounces, but each bounce was tying up resources and bandwidth belonging to the spammer. When she reset the MX records back a month or so later it was all over.

    This is only applicable if you have your own domain like in this instance of course, I doubt an ISP would even consider this course of action with one of their subdomains as it's a dubious course of action to say the least. You also lose all use of your domain while the MX records are repointed, so you better be *damn* sure nothing sensitive is going to be received in legit email because the spammer could, if they wanted, accept and read your email.

    Interesting and apparently effective strategy though.

  3. Spooky Slashdot tagline... on VIA K8T800 Chipset Preview - Dual Opteron in Action · · Score: 2, Funny
    Just got to the bottom of the thread and what do I find for the Slashdot tag:

    #if _FP_W_TYPE_SIZE < 32 #error "Here's a nickle kid. Go buy yourself a real computer." #endif -- linux/arch/sparc64/double.h

    So, the Slashdot Oracle is endorsing Sparc over Opteron? To hear is to obey, Master! ;)

  4. Re:Hmm. on NTT Verifies Diamond Semiconductor Operation At 81 GHz · · Score: 4, Funny
    Serious cooling is necessary, of course, but I hear the diamond doesn't vary nearly as much with temperature as Si does, so heat is less of a problem.

    I don't know about that. I'm sure I'd be somewhat wary of having one of these chips in a laptop dissipating 30W/mm a few inches from *my* crotch. ;)

  5. Re:Here's my rant on human stupidity... on Is Linux as Secure as We'd Like to Think? · · Score: 1
    Looking at those first two paragraphs you describe the stereotypical *NIX user's view of a Windows user very well. Yet if you replace "Windows" with "Macintosh", then you get the stereotypical Windows user's view of a MacOS user instead.

    Linux and MacOS have a similar market share I believe, yet when was the last time you saw an article about a MacOS exploit in the tabloids and on primetime TV news? I don't think it's fair to blame user expectations for the focus of worms on the Windows platform. It's entirely down to the maximum impact gained by the combination of a massive installed user base combined with "insecure by design" code. I'm fairly sure the proportions of gurus, hackers, users and lusers is pretty much the same on any OS, it's just that Windows numerically has *far* more lusers. Add monumentally insecure applications like Outlook Express and IE installed as standard and you have a recipe for disaster.

  6. Re:Are we sure? on NZ Spammer Shutdown Makes Big Difference · · Score: 1
    ISPs filtering their customers' ports? Now there's a lovely can of worms I've been discussing with a friend at work on and off for a while. He's quite staunchly opposed, whereas I'm kinda for, but can see the issues that would be raised with regard to common carrier status could cause problems. Let's face it, the Internet would probably be a better place if certain ports were blocked at an ISP's customer facing routers. NetBIOS, DCOM (I'm getting about 40 hits a minute on my DSL firewall from that one at present) and a few others for a start.

    The most obvious issue is who gets to decide what is blocked given the possible candidates; the ISP, ICANN, local government or some other body? My current ISP blocks SMTP inbound by default on its DSL lines to prevent boxes being used as relays, but will remove the block on request when they have checked the IP is secure. This is perhaps the way to do it; block the ports by default, but remove the blocks on request if you can justify the need and prove security.

    Besides, if you really must run some of those Microsoft centric protocols over the Internet, well, have you considered VPN? If not, do so!

  7. Re:Are we sure? on NZ Spammer Shutdown Makes Big Difference · · Score: 3, Interesting
    Aside from the possibility SoBig.F is building another SpamNet, in which case we are about to have a *major* deluge of spam, I suspect SoBig.F is the real cause of the slowdown for other reasons. The NZ spammer, Shane Atkinson, is not even listed on Spamhaus' ROKSO list, so unless he's only known there by a company name he's probably small beer.

    On the other hand, we have a myriad of compromised Windows boxes sending out new copies of SoBig.F, and poorly configured corporate mail scanners bouncing them back to their faked addresses. All this adds up to a massive strain on ISPs' mail gateways, some of which are going to be used to send spam. I suspect the spam is just being slowed to a crawl by the sheer volume of SoBig.F and normal spam inconvenience levels will be restored soon. My money's on September 10th...

  8. Re:Blah, physical backups on Say Goodbye To Your CD-Rs In Two Years? · · Score: 1
    Actually, that's almost *exactly* what I do for resilient backups, except I use RSYNC instead of FTP for this. I currently have two laptops and three PCs in use, plus a small NAS I built, all the data on which I backup as I go to either 250MB ZIPs or CD-R depending on how volatile the data is.

    Finding removable media is such a pain however, so I replicate all the critical data between systems using RSYNC to both the Linux server, the NAS *and* my primary desktop. I also have smaller RSYNC routines to keep critical data up to date on the laptops and the secondary PC. The upshot is, from any PC connected to my home LAN I have a choice of three copies of the data just by CDing to the relevant shared directory.

    I think, given that I'd have to simultaneously lose my Linux server hard disk, primary workstation hard disk *and* two drives on the NAS RAID to have a problem my data is pretty safe. Oh, and before anyone mentions fire or some other disaster, a copy of the ZIPs and the CD-Rs are at my sister's and I have a copy of her data here. You can tell I've lost a lot of data in the past, right? ;)

  9. Re:Stop spam the low-tech way. on Seven Spam Filters Compared · · Score: 1

    Nice idea in theory. Unfortunately I suspect it would have even less effect on the spam situation than the "Cigarettes may damage your health" warnings on cigarette packs. Let's face it, given the rate of reduction in smoking when your health is at risk, perhaps even your life as a result of Surgeon General warnings, what effect do you think this is going to have on the typical male with adequacy issues?

  10. Re:What business is it of theirs on Australian Court Doubles CD Importers' Fines · · Score: 0, Redundant
    Americans only like free markets and capitalism when it works in their favor. When it doesn't, they enjoy getting their government meddling with tolls and taxes and what not.

    And this is different from every other capitalist country how, exactly? OK, maybe the US does it more than others, but ultimately regardless of the financial/political/whatever system everyone is looking out for number one. The US just has the biggest stick at the moment and seems quite prepared to give it a swing, in a few hundred years it'll probably be the turn of some other nation(s).

  11. Re:Small norway with largest outbreak on Microsoft Virus Spam: SoBig.F · · Score: 3, Interesting

    Not for long I suspect! I've received over thirty from an IP block allocated to NASA in the last three hours, and a friend has just emailed to say he's had over two hundred from the same IP block, with over a thousand total. However, the email addresses from the NASA IPs do have a *lot* of .no domains in the email addresses. Hmmm. Maybe the "big organization in Norway" is a NASA observatory or something, it doesn't have to be a native Norwegian company after all...

  12. Re:Small norway with largest outbreak on Microsoft Virus Spam: SoBig.F · · Score: 1
    What interests me is not that I get these things, but where I get them. I've had a subdomain of my ISP where I receive mail for any user automatically for over a decade now, but a few years ago I finally got around to acquiring my own domain and switched all my email over to that. I still access the ISP account mind - everything automatically goes to SpamCop for processing since I'm almost 100% certain any mail received is spam... ;-)

    Anyhow, I've not used the ISP's domain publicly since, it's scrubbed from my web page, address books, everything, so the only places it still exists are in archives like Deja, the Wayback Machine and spammers' lists (natch), only the latter of which is likely to be an address source for the virus. Yet this is the account that regularly receives worms, which leads me to the conclusion that not only are spammers dumb, but that they use Windows and have no AV protection either, which goes a long way to explaining why these things spread so fast. It also raises the possibility of writing a more "targeted" email worm that looks for spammer's mailing list files and takes appropriate action. Deleting the files and then very slowly trashing the data on the hard drive springs to mind...

  13. Re:Corporate Death Penalty on Open Source Community Approaches SCO · · Score: 3, Interesting
    In the US maybe, but not here in the UK where we really do have a corporate death penalty. It's actually called a "Compulsory Winding Up Order" and can be issued by a court when a company is found to have sufficiently dubious trading/financial practices to make it a liability to do business with them.

    Besides, who do you think can buy the most law makers - IBM or SCO?

  14. Re:The question reworded on Filesystems For Removable Disks? · · Score: 1
    I consider looking for alternatives to be a very wise move.

    No arguments from me there. FAT32 has serious limitations, especially with the ever increasing security concerns - no FS level encryption option, no journal, file size issues, people are already hitting the partition limits (although in this case an artificial one). I would *much* rather have something like EXT3 or even NTFS which is actually quite a technically advanced file system in design as a standard too.

    The problem though is portability - NTFS support under Linux is supposedly flaky at writing, although some people here are saying it's actually OK. I blame Microsoft for this, it seems the result of a typical Microsoft "get the product to market and tweak it later" strategy again; you've heard the parody "Never The Fscking Same" applied to NTFS? EXT2/3 is also a possible solution as I've got EXT3 partitions to mount under NT, albeit as EXT2 with the journal disabled. Although this was using a demo version of the commercial "MountEverything" product by Paragon, which might not be everyone's cup of tea.

    I've no idea about the state of EXT2/3 support under OSX, or commercial Unices like Solaris though; it's never been an issue. Whenever I've needed to share files in corporate environments I've simply used NFS and the network as a translation layer, tunneling the NFS shares over OpenSSH where security was an issue. It's not really applicable when you are porting data from site to site like here though (unless you have a *lot* of bandwidth). I've always had CD/DVD or DAT/AIT tapes available for site to site stuff, quite often turning up with an external AIT drive, PCI/PCMCIA SCSI cards/cables, laptop, CAT5 cables and a tape or three. "How do you want to do this?". That's a *very* expensive way of tackling what should be a simple problem to solve though; using an external USB/Firewire HDD should be *much* easier than it is. That the market really does need a HDD standard as portable as ISO9660 is for CDs is not in doubt.

  15. Re:The question reworded on Filesystems For Removable Disks? · · Score: 3, Interesting
    Actually, he *can* reformat the drive as a single FAT32 partition, and use it on all OSes, since he's not running into a physical limitation of FAT32 but rather a deliberate design limitation. "The built-in Disk Manager" bit means he's running NT/XP and IIRC Microsoft has deliberately limited Disk Manager's FAT32 partitions in an effort to encourage people to move to the more advanced NTFS system. Despite this NT/XP is perfectly happy to access FAT32 partitions *much* bigger than 40GB, as long as they are created elsewhere.

    I have successfully created FAT32 partitions in excess of 100GB and mounted them under XP using Partition Magic, Linux's *fdisk tools, and Windows 9x. We're talking a removable drive here, so it's not going to be too much hassle to partition the drive on another OS (it's the partitioning that's the problem, not formatting).

    A simple process of elimination shows that FAT32 is the most portable filesystem that offers a realistic level of confidence that your OS won't trash the data. It may not be the most sophisticated system out there, but unfortunately that's the price you pay for portability at present. Plus it has the added benefit that it's accessible from a single DOS/Linux boot disk in emergencies - something that's saved my ass on numerous occasions.

  16. Zero Wing! on Videogames You Love To Hate · · Score: 0, Redundant
    Surely "All your base are belong to us!" means *something* around here - it starts off like this:
    In A.D. 2101
    War was beginning

    Captain: What happen?
    Mechanic: Somebody set up us the bomb.
    Operator: We get signal.
    Captain: What!
    Operator: Main screen turn on.
    Captain: It's You!!
    Cats: How are you gentlemen!!
    Cats: All your base are belong to us.
    Cats: You are on the way to destruction.
    Captain: What you say!!
    Cats: You have no chance to survive make your time.
    Cats: Ha Ha Ha Ha ....
    Captain: Take off every 'Zig'!!
    Operator: You know what you doing.
    Captain: Move 'Zig'.
    Captain: For great justice.

    And basically goes downhill from there...
  17. Re:Also....... on Win32 Blaster Worm is on the Rise · · Score: 1

    What would be a *really* nice twist of fate is that come the fateful day Microsoft is prepared for the attack... by running Linux on the windowsupdate.com servers. Hey, *someone* bought a load of SCO Linux licenses recently after all... ;)

  18. Re:not the answer - you got that right! on Replacing SMTP? · · Score: 4, Interesting
    A way of verifying what e-mail addresses & domains are allowed on outgoing e-mails from said mail server. That would be new, but should be easy to develop.

    This has already been developed by the IETF anti-spam working group, well, kind of. They propose that an additional DNS record type (RMX IIRC) is added to your domain that lists all the trusted IPs that may originate email for that domain. That would include your own outbound mailserver IPs, and/or your ISPs depending on the situation, email that doesn't come from one of the listed IPs is highly likely to be spam.

    The good points:

    • DNS *should* already support arbitrary record types and needs no modifications, according to the RFCs anyway, your vendor's code may not!
    • It's simple to implement in SMTP software, and the IETF was hopeful they would have this up and running RSN.
    The bad points:
    • Something else to manage
    • Not too good if you have users who are very promiscuous in their choice of sending IP: cybercafes, numerous dial-up ISPs, home DSLs and so on. The proposed workaround is to use subdomains with different server lists, falling back on an unrestricted list if required, but such use of subdomains in email addresses is not always desirable.
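
The check described in the post above, as an added example that is not part of the original comment or of any IETF proposal: a receiving MTA looks up the list of IPs a sender domain publishes and classifies the connecting client. The record syntax (space-separated IPs/CIDRs, `*` for an unrestricted subdomain) and the `ZONE` table standing in for DNS are assumptions made for this example; all addresses come from the documentation ranges.

```python
import ipaddress

# Constructed stand-in for a DNS lookup: domain -> hosts allowed to originate
# mail for it. A real receiver would query DNS for the record type the post
# calls RMX; this record syntax is invented for the example.
ZONE = {
    "example.com": "192.0.2.10 192.0.2.11 198.51.100.0/24",
    "roaming.example.com": "*",   # unrestricted sub-domain for travelling users
    "example.net": "2001:db8::/32",
}

def lookup_allowed(domain):
    """Return the published record text for domain, or None if it has none."""
    return ZONE.get(domain.lower())

def parse_record(text):
    """Turn record text into network objects; '*' means any source is allowed."""
    if text.strip() == "*":
        return "*"
    # strict=False lets a bare host address parse as a /32 or /128 network.
    return [ipaddress.ip_network(tok, strict=False) for tok in text.split()]

def sender_domain(envelope_from):
    """Domain of MAIL FROM, or None for the null sender '<>' used by bounces."""
    _local, sep, domain = envelope_from.strip("<>").rpartition("@")
    return domain.lower() if sep else None

def check_origin(envelope_from, client_ip):
    """Classify a connecting client for the given envelope sender.

    'pass'  - client IP is in the domain's list (or the list is unrestricted)
    'fail'  - the domain publishes a list and the client is not on it
    'none'  - the domain publishes nothing, so no verdict is possible
    'skip'  - null sender, nothing to check
    A 'fail' is the "highly likely to be spam" case from the post; 'none' must
    not be treated as a failure or every unpublished domain would be rejected."""
    domain = sender_domain(envelope_from)
    if domain is None:
        return "skip"
    record = lookup_allowed(domain)
    if record is None:
        return "none"
    allowed = parse_record(record)
    if allowed == "*":
        return "pass"
    ip = ipaddress.ip_address(client_ip)
    # Membership across IPv4/IPv6 is simply False, so mixed lists are safe.
    return "pass" if any(ip in net for net in allowed) else "fail"

# Constructed SMTP session fragments: (envelope sender, connecting IP).
SESSIONS = [
    ("<alice@example.com>", "192.0.2.10"),
    ("<alice@example.com>", "203.0.113.7"),
    ("<bob@roaming.example.com>", "203.0.113.7"),
    ("<carol@example.org>", "203.0.113.7"),
    ("<>", "203.0.113.7"),
    ("<dave@example.net>", "2001:db8:1::5"),
]

if __name__ == "__main__":
    for sender, ip in SESSIONS:
        print(f"{sender:28} from {ip:15} -> {check_origin(sender, ip)}")
```

The four-way result is the important design point: only a domain that has opted in by publishing a list can produce a `fail`, which is what keeps the scheme deployable while most domains publish nothing, and it is also why the "promiscuous sender" problem in the post bites: a user on a cybercafe connection sending as `alice@example.com` gets a `fail` unless the domain routes such users through a listed relay or a separate subdomain.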
  19. Why replace SMTP *again*? on Replacing SMTP? · · Score: 1
    We've been here before, although most of the pundits seem to forget the fact. SMTP was struggling to cope, new features were required and the solution? An enhanced version of SMTP called ESMTP that was fully backward compatible with the previous version, used the same TCP ports and basic protocols, thus allowing a graceful switchover to the new protocol.

    A better solution would surely be to add an additional layer of functionality to ESMTP via another HELO/EHLO variant. The additional layer could then add whatever additional security and validation was required by the new RFC to help prevent, or at the very least, filter spam. Also, because it's an RFC, it becomes possible to require, or at least recommend, some of the things people keep moaning about being broken in the current ESMTP.

    Besides, (E)SMTP isn't *broken*, it just wasn't designed to do what is now being asked of it because at the time it was designed such things were simply not an issue.

  20. Re:postive light? on SBC Fights RIAA Over DMCA Subpoenas · · Score: 3, Interesting
    Do you think that download caps and per MB charges over that cap are not to curb people from using P2P?

    No, download caps and per MB charges are to maximise profits at the ISP. It basically boils down to:

    1. Get users hooked on P2P
    2. Get users onto a $/MB billing scheme
    3. Profit!!!
    Despite all the initial moaning about swamped bandwidth, once the ISPs realised that "???" could be replaced with "$/MB" P2P became the best thing since sliced bread.
  21. Re:The easy way isn't always popular on Blocking MSN Messenger? · · Score: 4, Informative

    Actually, I doubt this is BS in this particular case. The specific case in question is in the financial sector, and it is often a requirement that *all* electronic communication is logged in such places to help prevent insider trading etc. Legitimate or not, if IM provides no logging of conversations then such institutions will need to evict it from their network.

  22. MORE rubbish figures... on What Is The Real Cost of Spam? · · Score: 1
    Where *do* they get these numbers from, the RIAA? For a quick experiment this morning I decided to see how long it would take me to process my morning spam. I don't get much international email, other than mailing lists anyway, so pretty much all the email I get overnight is spam. So, onwards to the results:

    Having disabled my spam filtering I had 42(!) emails this morning, 39 of which were spam, all but two of which had been picked up by my filters according to a quick grep for the X-Header. Total time to go through all the emails and manually select the spam for deletion based purely on sender/subject was a touch over two minutes. To make things more interesting, I manually submitted all thirty nine spams to the SpamCop webform, and the total time I spent was still less than quarter of an hour.

    So, even without *any* automated filtering, that's just five minutes a day for the raw delete, or half an hour for the SpamCop submissions. Multiply out, and for the entire year I am looking at 30 hours and 180 hours respectively (without filtering, remember). If you factor in my filtering, the total time is maybe 5 hours a year, on the outside. With the unrealistic exception of manually SpamCopping every spam, it's hardly in the cost to employer bracket these people keep citing now, is it?

  23. Re:Render the HTML then use OCR on The Growing Field Guide To Spam Techniques · · Score: 2, Insightful
    Alternatively, you could just make the HTML parser aware of the tricks via some easily extensible mechanism and run the spam content detector on the output. For example:
    1. Receive HTML email
    2. Remove any HTML comments
    3. Remove any "non-standard" tags
    4. Remove any redundant tags ( Via<B></B>gra )
    5. Remove...
    6. Pass remnants to content filtering app.
    On the other hand, any HTML email with an excessive HTML comment to content ratio is almost certainly spam anyway, and should probably be discarded as a result.
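
The normalisation pipeline sketched in the comment above, as an added example that is not part of the original post: comments are removed, tags outside an allow-list are dropped, empty open/close pairs that only split a word (the `Via<B></B>gra` trick) are collapsed, and the remnant is handed on; a comment-to-content ratio check implements the last sentence. The allow-list, the 0.5 ratio threshold and the sample message are constructed for this example, and the regex tokeniser is deliberately simple rather than a full HTML parser.

```python
import re

# Allow-list of tags this sanitizer keeps. The set is an assumption for this
# example; any tag not in it is treated as "non-standard" and dropped.
STANDARD_TAGS = {
    "html", "head", "title", "body", "p", "br", "div", "span", "a", "img",
    "b", "i", "u", "strong", "em", "font", "table", "tr", "td", "ul", "ol", "li",
}

# HTML comments cannot nest, so a non-greedy match is sufficient.
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)
# Any tag: group 1 is "/" for a closing tag, group 2 is the tag name.
TAG_RE = re.compile(r"<\s*(/?)\s*([A-Za-z][A-Za-z0-9]*)[^>]*>")
# An opening tag followed by its own closing tag with only whitespace between,
# e.g. Via<B></B>gra: it renders nothing and exists only to split a word.
EMPTY_PAIR_RE = re.compile(
    r"<\s*([A-Za-z][A-Za-z0-9]*)[^>]*>\s*<\s*/\s*\1\s*>", re.IGNORECASE)

def comment_ratio(html):
    """Fraction of the message body occupied by HTML comments (0.0 if empty)."""
    if not html:
        return 0.0
    hidden = sum(len(m.group(0)) for m in COMMENT_RE.finditer(html))
    return hidden / len(html)

def strip_comments(html):
    return COMMENT_RE.sub("", html)

def strip_nonstandard_tags(html):
    return TAG_RE.sub(
        lambda m: m.group(0) if m.group(2).lower() in STANDARD_TAGS else "", html)

def strip_empty_pairs(html):
    # Repeat until stable: removing <i></i> inside <b><i></i></b> exposes <b></b>.
    previous = None
    while previous != html:
        previous, html = html, EMPTY_PAIR_RE.sub("", html)
    return html

def normalise(html):
    """Steps 2-4 of the post; the result is what the content filter should see."""
    return strip_empty_pairs(strip_nonstandard_tags(strip_comments(html)))

def visible_text(html):
    """Collapse whatever tags remain into the words a reader would actually see."""
    return re.sub(r"\s+", " ", TAG_RE.sub("", html)).strip()

def triage(html, max_comment_ratio=0.5):
    """Return ('spam', reason) or ('filter', cleaned_html) for the next stage.

    The 0.5 threshold is a constructed value for this example, not a tuned one."""
    ratio = comment_ratio(html)
    if ratio > max_comment_ratio:
        return "spam", f"comment ratio {ratio:.2f} exceeds {max_comment_ratio}"
    return "filter", normalise(html)

# Constructed sample exercising each trick named in the post.
SAMPLE = (
    '<html><body><p>Cheap <!-- zzqxv --> Via<B></B>gra <bogus>here</bogus>'
    ' <fakeTag/>to<span></span>day!<!-- lorem ipsum --></p></body></html>'
)

if __name__ == "__main__":
    verdict, payload = triage(SAMPLE)
    print(verdict, "->", payload)
    print("visible:", visible_text(payload))
```

Running it on `SAMPLE` yields `filter` with the cleaned markup, whose visible text is `Cheap Viagra here today!`, which is the string a word-based filter would have missed on the raw message. Keeping the cleaned markup (rather than flattening to text immediately) lets a downstream filter still weigh structural signals such as tag density.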
  24. Re:What's special about those 6 letters?? on The Star Wars Alphabet Project · · Score: 4, Informative

    IIRC, the V Wing was in one of the computer games from Lucas Arts, "Rogue Squadron", and also cropped up in some of the books as well. One quick Google later and it would appear that there are also K-Wings, T-Wings and W-Wings already as well according to this page.

  25. Re:The copyright police? on New Kazaa Lite Protects Identity · · Score: 1
    people talk about ip tracing, my question is how long does the typical ISP keep a list of what mac address got what ip?

    Wrong question - you don't pin a user to an IP at a specific time that way, although you could. What you do is check your RADIUS accounting logs working backwards from the time in question until that IP is assigned. You then know what user name was given that IP and another cross reference against customer details will reveal who was using the IP at the time. It depends on how much disk space you use for logging - we kept a month's worth of logs on disk since space is so cheap, there is no reason why it couldn't be kept indefinitely on tape.

    That's the theory, anyway. In my experience working at an ISP, only large ISPs and VISPs run RADIUS accounting servers, the authentication server is on a separate port, and often another IP and server. You can switch off accounting on the dial platform, or just ignore the accounting info and save yourself a server. It's all UDP, so it doesn't matter if the packet is discarded.

    As to the RIAA getting subpoenas - the precedent has already been set with Verizon, and although an appeal is in the works the details of several customers have been handed to the RIAA.
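
The backwards walk through accounting records described in the comment above, as an added example that is not from the original post or from any RADIUS implementation. The log layout (one `timestamp key=value ...` line per Start or Stop packet) and the records themselves are constructed for the example; real accounting detail files differ by vendor, so only the parser would need adapting.

```python
from datetime import datetime, timezone

# Constructed accounting records in a simplified key=value layout (invented for
# this example; real RADIUS detail files vary by vendor). Addresses are from
# the documentation range.
ACCT_LOG = """\
2003-08-22T08:00:00Z Acct-Status-Type=Start User-Name=alice Framed-IP-Address=203.0.113.45 Acct-Session-Id=0001
2003-08-22T09:30:00Z Acct-Status-Type=Stop  User-Name=alice Framed-IP-Address=203.0.113.45 Acct-Session-Id=0001
2003-08-22T09:31:10Z Acct-Status-Type=Start User-Name=bob   Framed-IP-Address=203.0.113.45 Acct-Session-Id=0002
2003-08-22T09:45:00Z Acct-Status-Type=Start User-Name=carol Framed-IP-Address=203.0.113.46 Acct-Session-Id=0003
2003-08-22T11:00:00Z Acct-Status-Type=Stop  User-Name=bob   Framed-IP-Address=203.0.113.45 Acct-Session-Id=0002
"""

def parse_time(stamp):
    """Parse the UTC timestamp used in the constructed log into an aware datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_records(text):
    """Return the accounting events as dicts, sorted by time."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        rec["time"] = parse_time(stamp)
        records.append(rec)
    # Stable sort keeps file order for events that share a timestamp.
    records.sort(key=lambda r: r["time"])
    return records

def who_had_ip(records, ip, when):
    """Walk backwards from `when` to the latest accounting event for `ip`.

    A Start means that session still held the address at `when`; a Stop means
    the address was unassigned. Returns a dict with the user, session id and the
    session's Start/Stop times (Stop is None if no Stop was ever logged), or None.
    The caller then cross-references the user name against customer records."""
    if isinstance(when, str):
        when = parse_time(when)
    for i in range(len(records) - 1, -1, -1):
        rec = records[i]
        if rec.get("Framed-IP-Address") != ip or rec["time"] > when:
            continue
        if rec["Acct-Status-Type"] == "Stop":
            return None
        stop = next((r["time"] for r in records[i + 1:]
                     if r.get("Acct-Session-Id") == rec["Acct-Session-Id"]
                     and r["Acct-Status-Type"] == "Stop"), None)
        return {"user": rec["User-Name"], "session": rec["Acct-Session-Id"],
                "start": rec["time"], "stop": stop}
    return None

RECORDS = parse_records(ACCT_LOG)

if __name__ == "__main__":
    for ip, when in [("203.0.113.45", "2003-08-22T10:00:00Z"),
                     ("203.0.113.45", "2003-08-22T09:30:30Z"),
                     ("203.0.113.46", "2003-08-22T12:00:00Z")]:
        print(ip, "at", when, "->", who_had_ip(RECORDS, ip, when))
```

Because the answer reports the Start and Stop bracketing the session, an analyst can see how tight the evidence is: a session whose Stop is `None` might still be open, or its Stop packet might simply have been lost in transit (the post notes accounting is UDP), in which case the address could already have been reassigned to someone whose Start was also missed. Interim-Update packets, where the NAS sends them, narrow that window.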