right now I have openbox3 with customized gnome-panel open, a transparent aterm and firebird with 4 virtual desktops open, and I tell you, it looks prettier and works faster than any other system. especially now with the preempt patches to the 2.6 kernel and the new 2.4 gnome, all linux needs is games.
How much do you want to bet *some* people will fall for it and sue SCO? I can just hear some linux hackers laughing about the matter in the background.
are really limited by the lack of keyboard and mouse controllers.
RTFA, it's a book *and* an animated movie.
Why are they removing Java???
these will help find out what caused the blackouts and what to do so they don't happen again?
I don't see a point unless this includes a tracking device.. I mean, what good is it if my doctor knows I'm dying, but doesn't know where I am??
is it written in basic or is it compiled and just provides an API? I would think the latter, but I'm not sure.
we can wank each other off whilst playing AD&D and watching FOX news.
it's not offtopic, it's just that your mind is tiny and unable to successfully comprehend my universally correct and cosmically significant point. i recommend forced self-termination if the parent post does not get at least +4, insightful.
in the next 100 years they'll figure out how to feed their whole population and stop killing innocent monks. hooray China, leading the way for humanity!
3. The killer Unix programs (Apache, SSH, PostgreSQL, etc.) don't run as root either. So even if they get exploited, worms can't do much with their rights anyway.
Yes, they do. the apache parent process runs as root, sshd *always* runs as root, and so does postgresql.
Also your first doesn't apply because viruses go through something called EVOLUTION, if the primary OS were UNIX, we'd have a bunch of extremely intelligent and advanced stack smashing worms and viruses. (thank god we don't though.)
heh I wanted to mention how most linux distros don't ship full of enabled servers... then I remembered that they do.
but seriously, you should have a working knowledge of networking before you connect *directly* to the internet. I mean fuck, even a dishwasher can be deadly if you don't know how to use it
here it is:
Date: Fri, 15 Aug 2003 08:33:57 +0200
From: Carsten.Truckenbrodt@Bertelsmann.de
Subject: AW: [Full-Disclosure] MS should point windowsupdate.com to 127.0.0.1
To: full-disclosure@lists.netsys.com
Cc: security@microsoft.com
Hi,
This might be a bad idea. If you let windowsupdate.com resolve to 127.0.0.1
the following will happen: The worm uses spoofed IPs from the local/16
subnet as source address. Pointing all the syn packets to 127.0.0.1 will
generate a RST packet from the local host to the spoofed IPs and spread
traffic over the complete internal network.
Even blocking or routing the normally resolved IP to Null0 will be a lot
work because this domain is loadbalanced through the world. That means you
get a different resolution depending on your ISP or place in the world.
If you manipulate your DNS, you should give no A-Record back to the worm.
With this the worm will not start attacking anything. So setting up a
nameserver zone with only a SOA record will do the job for Saturday 0:00.
Best Regards,
Carsten Truckenbrodt
Arvato systems Taco Network SnotIing Security
-----Ursprungliche Nachricht-----
Von: Tobias Oetiker [mailto:oetiker@ee.ethz.ch]
Gesendet: Freitag, 15. August 2003 00:15
An: full-disclosure@lists.netsys.com
Cc: security@microsoft.com
Betreff: [Full-Disclosure] MS should point windowsupdate.com to 127.0.0.1
Folks,
How about MS standing up for the mess, and changing their own DNS to point
all request for windowsupdate.com and whatnot to 127.0.01 ?
This will null the effect of the syn flood very effectively. Only proxies
will be affected.
As far as I see it, they will not be able to use these names productively
for the foreseeable future anyways...
So they will have to issue an update for windows-updater through other
channels (like their homepage for example) to point it to a different
web-site.. that should not be all that much of a problem.
If MS does NOT make this change to their DNS, I can see many routers who are
trying to track connections toppling over in interesting ways.
Because the local techs have no clue, it will
take the affected companies ages to get back on the net.
tobi
Did they point windowsupdate.com to 127.0.0.1 ? I hope not, there was a mail on FD explaining that such an action would cause it to DOS the local network.. Also, wtf is up with the site running lunix?
You fucking liar !
He forgot SDL. It's very good, I like working with it, nice interface X11, etc.
Soon we will turn into a technocracy (and then robots will kill us all, but let's not get ahead of things).
thanks, this means a lot to me. you know, i was aiming for +5, funny, but failed. i wonder if this has some deeper psychological meaning.
plz mod me down again (try to select the right radio button this time, asshole), i'm on a roll.
will you marry me?
just in case you haven't noticed, most of the content on slashdot are COMMENTS, and while "OH LOOK PSU'S REVIEWED!!" articles might be great for a link-wank like mefi, they do a very fucking poor job on slashdot. I mean, wtf is there to talk about PSU's? "is yours 300W?", "no, it's 350W" ???
the slashdot community is a bunch of idiots, trolls and karma whores, in contrast to k5 where people can actually spell and WRITE ARTICLES WITH CONTENT INSTEAD OF JUST PASTING LINKS AROUND AND EXPECTING READERS TO GENERATE DISCUSSION ON COMA-INDUCING SUBJECTS
seriously, i've recently found myself voluntarily clicking goatse links due to the ever-low quality of articles/comments
get a fucking grip on yourselves eds and start posting articles that promote DISCUSSION and DEBATE, instead of posting shit as new kernal out!!, freebsd releases advisories!!, power units reviewed!! etc
goddamn asshats
ideally, i think the client should take care of the filtering. Pour your resources into improving context based filtering and let the individual clients do the dumping. Widespread usage of this kind of filtering could make spam even further unprofitable. Since spam is entirely business related, it would likely reduce the numbers of it passing through the network.
From a sysadmin's POV, this doesn't halt the issue of spam eating bandwidth or disk space. I'll address that next.
Disk space depends on what kind of e-mail your organization uses. For POP3, most people delete e-mail on the server after it's downloaded, so while the disk space may be consumed with spam, it would be temporary. That is unless you have a lot of dead or rarely used accounts. In that case, you should have policies in place for when to wipe users' accounts out after a set period of time. Or set up some kind of forwarding policy. If you're using something like IMAP, then using a server-wide content filtering system as mentioned above would be effective.
For bandwidth, the only way to halt spam from consuming your bandwidth is by blocking packets at the router. If you use SPEWS to dump the e-mail by your e-mail server, it's still consumed your bandwidth. So you'd have to block the packets directly. I think this is draconian and should be avoided, for the net's sake. Unfortunately there really is no good solution to this, for as long as spam flows, it flows and consumes bandwidth. The only way to halt it is to halt the initial spamming to begin with. As mentioned above, when your spammer's audience never exists as a result of good content filtering, the spam will be unprofitable and lessen somewhat.
Attacking users and their ISP's won't do much good, aside from causing spammers to jump from isp to isp, something they're readily willing to do. Attacking regular users just makes you a big jerk.
this idea is just as bad as "email tax". remember: WHEN YOU GAZE INTO THE ABYSS, THE ABYSS ALSO GAZES INTO YOU? I prefer SPEWS even if they get occasional bad press.