speak freely is a Free program for Windows and *nix. It supports strong encryption (by default) and is very light on bandwidth. It works more like a walkie-talkie than a phone though.
Well I didn't read the article (slashdot tradition..), but I read some of the comments, and it appears they're 'monitoring' the server once per SECOND.. 60 times per minute.. 3600 times per hour.
If once every 15 minutes is reasonable, this is excessive by approximately a factor of 900.
Exactly how frequently do you need to hammer a server before it counts as a 'DoS attack'?
djbdns released a patch to ignore verispam's wildcard DNS entry the same day the change happened.
bind released a patch a day or two later.
Judging by the 'calm and measured commentary' I've been reading on various NOG mailing lists, I'd expect many ISP's to be ignoring verispam by the end of the week.
Buy a cheap 'composite' camera (NTSC or PAL) and BT878 capture card on ebay. You can run the signal 100m or more through cheap audio coax with no visible degradation.
I'm using a cheap PAL camera, bt878 capture card, and motion software, plus a cron job to copy the fixed picture to the web server. I used to use a java applet at the client end, but I haven't really got around to setting that up again yet.
At one point I also restricted access using.htaccess and.htpasswd, which is trivial to set up and probably all you need.
The cool thing about motion is that it detects when there's changes in the picture, and can record full-motion mpeg clips whenever something happens. It can also beep, page you, email you, or anything else you care to put in a script, so it'd make a pretty good baby-monitor.
I don't know about wireless.. the same setup would work with one of those 2.4GHz X10 cameras I guess, but be aware that the signal is unencoded and travels for miles, so your pervy neighbours might have access to the full video and sound..
I had 6 webcams around my house for almost two years. Then my computer died and it took me a while to sort it all out, but I'm back. You can view my mailbox and loungeroom on a 15 minute refresh any time you like.
You know what's surprising? I listed all these cameras on various web directories and they rank #1 on several google searches, but I still don't get all that many hits. I've got one regular viewer, and a few people a day drop by but mostly nobody gives a shit.
You're never as interesting as you think you are..
..about a spammer who was harrassed until he had to shut down his operation..
we wish.. harassed == a few phone calls (only 20? wtf?!!) shut down == switched to search-engine and referer spamming
Personally I think 'cost' is where the answer is, but not in the form of an email tax!
Every major ISP needs to clearly define what they consider 'spam', and then lay down enforceable rules about it such as "You WILL be charged a cleanup fee. You WILL be terminated immediately. Your name, company name, and known aliases WILL be publically blacklisted."
Unlike the elsewhere-proposed 'email tax', these costs would only affect spammers.
We go one better; we've got a daemon that tunnels a single address from the 192.168/16 range, and via that we route our 10.x/16 and/or 10.x.y/24 LAN's into one big city-wide WAN. The 10.x/16 addresses are allocated so that they don't conflict within the WAN.
And most of us use DHCP too so if we bring machines to LUG meetings or whatever, they reconfigure themselves altomatically.
And to talk to my ADSL modem I'm using a 172.16.254.252/30 subnet.
The rfc's advice is all very good in theory, but I wonder how many slashdotters have "randomly" choosen 192.168.42/24 or 192.168.69/24 for their local network.
===> SECURITY REPORT: This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system. /usr/local/sbin/oftpd
If there are vulnerabilities in these programs there may be a security risk to the system. FreeBSD makes no guarantee about the security of ports included in the Ports Collection. Please type 'make deinstall' to deinstall the port if this is a concern.
For more information, and contact details about the security status of this software, see the following webpage: http://www.time-travellers.org/oftpd/ n orbert#
Hell, you could just print out all the data in binary and have someone type it back in too. How is using phone lines better than the solution already suggested?
There's this thing called a 'mo-dem' that will send data down the phone line for you. It's not very fast, but if you're rsyncing 128M of data you might only need to transfer 10-20M every night to keep the backups in sync..
Re:Truly P2P if SOBIG.G contains the spam message
on
P2P Spam?
·
· Score: 2, Funny
Somehow, I seriously doubt blacklists would block every ISP, or even something approximating every ISP. They'd piss off too many of their users that way. ROFL..
While I would never go so far as to say that Linux people purposely write virii to take down Microsoft, I certainly wouldn't say that Microsoft users are the guys writing virii to take down Windows Update.
I also like the theory that the MSBlast virus was written by MS. The primary purpose behind that virus was to annoy all the users enough to patch their systems. - It also required every unpatched MSWindows PC to report itself to MS. MS might be able to use that information.
In support of this theory; blaster didn't attack windowsupdate.microsoft.com, and Microsoft didn't 'switch' sites around as most slashdotters seem to believe. windowsupdate.microsoft.com is the address coded into a clean install of Windows98.
windowsupdate.com was a simple redirect, and was most likely registered because it's an obvious typo.. microsoft probably didn't want it to get registered as a porn site like whitehouse.com.
windowsupdate.com also happened to be on a completely different subnet from the rest of Microsoft's stuff, so there was little danger of the blaster worm affecting any of Microsoft's 'real' websites.
However the theory falls apart at this point. Microsoft removed the DNS entries and took down windowsupdate.com before the worm went live.
The Register of Known Spam Operations lists nearly two hundred more hard-core spammers, along with everything the anti-spam people have been able to find out about them. Check the list, see if any are in your area, and take whatever action you feel is 'appropriate'.
When code-red/nimda hit, our connectivity went completely to shit.. slammer was worse, although it didn't last very long. Years later I'm still seeing a steady trickle of code red and nimda scans.
The last week I've been getting about 300 SoBig emails per day, probably another 20-30 bounces, and almost 1000 "GET/"'s per day peak, although it appears to be dropping off again. It really fucks up my web stats:(
I don't even bother watching the firewalled ports.
Personally, I'd have written a worm that enables automatic updates and XP's inbuilt firewall. If windowsupdate can't handle the load perhaps they shouldn't have designed it in a way that -purposely breaks- normal web caching.
The current round of worms are clumsy and unimaginitive. I think it's only a matter of time before we see a worm that does some -real- damage.
OR there's a chance they intentionally downgraded it (or were told to by UL) because the drive runs rather hot at full speed (several people have commented on this) and this might be an issue in a notebook computer.
I'm surprised nobody else has commented on this yet. (OK, I haven't read all 800-odd comments yet, but..)
The worm attacks windowsupdate.com, which has always been simply a redirect to windowsupdate.microsoft.com and is even hosted on a completely unrelated/24
The internal "Windows Update" menu option opens windowsupdate.microsoft.com directly. Shutting down the windowsupdate.com redirect (either through DoS attack or intentionally by Microsoft) won't make the slightest difference.
It's only going to get worse; google's really expanded on the number of File types it indexes and caches.
One of my clients was recently caught out when google indexed private metadata she didn't know was still there, so I can well understand the gravity of this situation.
This always frustrates me. Everyone thinks these viruses are terrible, but they're truly tame compared to what _could_ be done.
For example; imagine a virus where the 'payload' is encrypted, and chunks of the payload and key are split among several launch points. When the virus encounters already infected machines it shares the key and payload, but until the virus has reached saturation it's almost impossible to collect all the parts and have any idea of what the virus intends to do.
Or more simply (and perhaps more damaging); imagine if the 'slammer' worm had simply gone dormant as soon as it found other already-infected hosts, and instead started introducing small (and progressively growing) changes to all the databases. It might not be noticed for months.
A completely destroyed computer is easily replaced, covered by insurance, restored from backups, business as usual. An effectively unusable database and months of backups similarly damaged is every DBA's worst nightmare.
Traditionally, 111 is New Zealand's emergency number. They used to have a recorded message for 911 and 999 telling people what the correct number was but apparently people would dial 911 in blind panic, hear a recorded message and immediately hang up and dial again without actually listening to the message. So now 911 works too. 999 is still a recorded message.
On GSM cellphones you can choose betweeen 111, 112, or 911 in an emergency.
Interesting note; our pulse dialling is the inverse of the rest of the world's. 999 in the UK and 111 in NZ are really the same number.. 9 pulses, three times.
Slashdot Mirror
speak freely is a Free program for Windows and *nix. It supports strong encryption (by default) and is very light on bandwidth. It works more like a walkie-talkie than a phone though.
Or you could just send GPG-encrypted emails..
Yep, that's what full-rate ADSL customers pay for traffic in New Zealand, once they get past their pitiful 500M monthly allowance.
"I run linux.. I'm not affected by Windows worms and viruses" - Yeah, you wish..!
Well I didn't read the article (slashdot tradition..), but I read some of the comments, and it appears they're 'monitoring' the server once per SECOND.. 60 times per minute.. 3600 times per hour.
If once every 15 minutes is reasonable, this is excessive by approximately a factor of 900.
Exactly how frequently do you need to hammer a server before it counts as a 'DoS attack'?
djbdns released a patch to ignore verispam's wildcard DNS entry the same day the change happened.
bind released a patch a day or two later.
Judging by the 'calm and measured commentary' I've been reading on various NOG mailing lists, I'd expect many ISP's to be ignoring verispam by the end of the week.
Buy a cheap 'composite' camera (NTSC or PAL) and BT878 capture card on ebay. You can run the signal 100m or more through cheap audio coax with no visible degradation.
Oh yeah.. in reply to your question!
.htaccess and .htpasswd, which is trivial to set up and probably all you need.
I'm using a cheap PAL camera, bt878 capture card, and motion software, plus a cron job to copy the fixed picture to the web server. I used to use a java applet at the client end, but I haven't really got around to setting that up again yet.
At one point I also restricted access using
The cool thing about motion is that it detects when there's changes in the picture, and can record full-motion mpeg clips whenever something happens. It can also beep, page you, email you, or anything else you care to put in a script, so it'd make a pretty good baby-monitor.
I don't know about wireless.. the same setup would work with one of those 2.4GHz X10 cameras I guess, but be aware that the signal is unencoded and travels for miles, so your pervy neighbours might have access to the full video and sound..
I had 6 webcams around my house for almost two years. Then my computer died and it took me a while to sort it all out, but I'm back. You can view my mailbox and loungeroom on a 15 minute refresh any time you like.
You know what's surprising? I listed all these cameras on various web directories and they rank #1 on several google searches, but I still don't get all that many hits. I've got one regular viewer, and a few people a day drop by but mostly nobody gives a shit.
You're never as interesting as you think you are..
we wish..
harassed == a few phone calls (only 20? wtf?!!)
shut down == switched to search-engine and referer spamming
Personally I think 'cost' is where the answer is, but not in the form of an email tax!
Every major ISP needs to clearly define what they consider 'spam', and then lay down enforceable rules about it such as "You WILL be charged a cleanup fee. You WILL be terminated immediately. Your name, company name, and known aliases WILL be publically blacklisted."
Unlike the elsewhere-proposed 'email tax', these costs would only affect spammers.
We go one better; we've got a daemon that tunnels a single address from the 192.168/16 range, and via that we route our 10.x/16 and/or 10.x.y/24 LAN's into one big city-wide WAN. The 10.x/16 addresses are allocated so that they don't conflict within the WAN.
And most of us use DHCP too so if we bring machines to LUG meetings or whatever, they reconfigure themselves altomatically.
And to talk to my ADSL modem I'm using a 172.16.254.252/30 subnet.
The rfc's advice is all very good in theory, but I wonder how many slashdotters have "randomly" choosen 192.168.42/24 or 192.168.69/24 for their local network.
===> SECURITY REPORT:
n orbert#
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/oftpd
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
http://www.time-travellers.org/oftpd/
Hell, you could just print out all the data in binary and have someone type it back in too. How is using phone lines better than the solution already suggested?
There's this thing called a 'mo-dem' that will send data down the phone line for you. It's not very fast, but if you're rsyncing 128M of data you might only need to transfer 10-20M every night to keep the backups in sync..
plural of virus, 'tard.
Not in any of the dictionarii I checked..
Somehow, I seriously doubt blacklists would block every ISP, or even something approximating every ISP. They'd piss off too many of their users that way.
ROFL..
While I would never go so far as to say that Linux people purposely write virii to take down Microsoft, I certainly wouldn't say that Microsoft users are the guys writing virii to take down Windows Update.
I also like the theory that the MSBlast virus was written by MS. The primary purpose behind that virus was to annoy all the users enough to patch their systems.
- It also required every unpatched MSWindows PC to report itself to MS. MS might be able to use that information.
In support of this theory; blaster didn't attack windowsupdate.microsoft.com, and Microsoft didn't 'switch' sites around as most slashdotters seem to believe. windowsupdate.microsoft.com is the address coded into a clean install of Windows98.
windowsupdate.com was a simple redirect, and was most likely registered because it's an obvious typo.. microsoft probably didn't want it to get registered as a porn site like whitehouse.com.
windowsupdate.com also happened to be on a completely different subnet from the rest of Microsoft's stuff, so there was little danger of the blaster worm affecting any of Microsoft's 'real' websites.
However the theory falls apart at this point. Microsoft removed the DNS entries and took down windowsupdate.com before the worm went live.
We've outed and shut down one minor spammer.
The Register of Known Spam Operations lists nearly two hundred more hard-core spammers, along with everything the anti-spam people have been able to find out about them. Check the list, see if any are in your area, and take whatever action you feel is 'appropriate'.
When code-red/nimda hit, our connectivity went completely to shit.. slammer was worse, although it didn't last very long. Years later I'm still seeing a steady trickle of code red and nimda scans.
/"'s per day peak, although it appears to be dropping off again. It really fucks up my web stats :(
The last week I've been getting about 300 SoBig emails per day, probably another 20-30 bounces, and almost 1000 "GET
I don't even bother watching the firewalled ports.
Personally, I'd have written a worm that enables automatic updates and XP's inbuilt firewall. If windowsupdate can't handle the load perhaps they shouldn't have designed it in a way that -purposely breaks- normal web caching.
The current round of worms are clumsy and unimaginitive. I think it's only a matter of time before we see a worm that does some -real- damage.
OR there's a chance they intentionally downgraded it (or were told to by UL) because the drive runs rather hot at full speed (several people have commented on this) and this might be an issue in a notebook computer.
Fuck!! Preview!! sheep porn damn you!!!
That's just lame and unoriginal. I'd rather look at sheep porn (and aiming to be #1 on a google search for "sheep porn")
I'm surprised nobody else has commented on this yet. (OK, I haven't read all 800-odd comments yet, but..)
/24
The worm attacks windowsupdate.com, which has always been simply a redirect to windowsupdate.microsoft.com and is even hosted on a completely unrelated
The internal "Windows Update" menu option opens windowsupdate.microsoft.com directly. Shutting down the windowsupdate.com redirect (either through DoS attack or intentionally by Microsoft) won't make the slightest difference.
It's only going to get worse; google's really expanded on the number of File types it indexes and caches.
One of my clients was recently caught out when google indexed private metadata she didn't know was still there, so I can well understand the gravity of this situation.
Anyone wants to guess what's the second most dangerous animal for human beings?
Other human beings?
This always frustrates me. Everyone thinks these viruses are terrible, but they're truly tame compared to what _could_ be done.
For example; imagine a virus where the 'payload' is encrypted, and chunks of the payload and key are split among several launch points. When the virus encounters already infected machines it shares the key and payload, but until the virus has reached saturation it's almost impossible to collect all the parts and have any idea of what the virus intends to do.
Or more simply (and perhaps more damaging); imagine if the 'slammer' worm had simply gone dormant as soon as it found other already-infected hosts, and instead started introducing small (and progressively growing) changes to all the databases. It might not be noticed for months.
A completely destroyed computer is easily replaced, covered by insurance, restored from backups, business as usual. An effectively unusable database and months of backups similarly damaged is every DBA's worst nightmare.
Traditionally, 111 is New Zealand's emergency number. They used to have a recorded message for 911 and 999 telling people what the correct number was but apparently people would dial 911 in blind panic, hear a recorded message and immediately hang up and dial again without actually listening to the message. So now 911 works too. 999 is still a recorded message.
On GSM cellphones you can choose betweeen 111, 112, or 911 in an emergency.
Interesting note; our pulse dialling is the inverse of the rest of the world's. 999 in the UK and 111 in NZ are really the same number.. 9 pulses, three times.