Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] List Bounces?

from [Matt Kettler] Network Security [Permanent Link]
Subject: Re: [Snort-users] List Bounces?
Date: Mon, 25 Oct 2004 20:02:22 -0400
At 01:42 PM 10/25/2004, sam@neuroflux.com wrote: 
Agreed.  Someone doing some vacation/out of office trolling would be nice.


> Will someone do something about this? Every time I post, I get error
> messages from weird places that I can do nothing about.
> --

>
> Begin forwarded message:
>
>> From: postmaster@imedia.fr

I block the entire imedia.fr domain because of this crud. If the site admin over there can't learn to use envelope returns properly, I want no part of mail coming from their servers. They are broken, and dangerous. Once I stop seeing their barrage of misdirected bounces getting kicked off my server, I'll stop rejecting them. Until then, I got 550's a plenty.

However, it would be nice if the snort-users list admin could track them down and remove the offending addresses directly. This has been going on for a long time, and it's getting silly.

In the interim might I suggest this bit from my /etc/mail/access file (for sendmail):

mail.easynet.fr 550 mail systems with broken bounces are not welcome here
postmaster@imedia.fr 550 mail systems with broken bounces are not welcome here
212.180.1.138 550 mail systems with broken bounces are not welcome here
212.180.1.136 550 mail systems with broken bounces are not welcome here

Cleans up the problem real fast. Just run make on the directory after you edit the file.

Same goes for ipadnet.com.br who are also doing the "bounce to from instead of envelope" trick:

200.249.204.129 550 mail systems with broken bounces are not welcome here
postmaster@ipadnet.com.br 550 mail systems with broken bounces are not welcome here


The whole stunt is just as brilliant as spammers who try to spam "DuhInvalid@evi-inc.com" (I've used it in examples before). Gee do you think the address is valid?






-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] SNORT,ACID,MYSQL no alerts, please help...., Steven Crandell
Next by Date:  RE: [Snort-users] Instructions on Snort as Win2k Service?, Michael Steele
Previous by Thread:  Re: [Snort-users] List Bounces?, sam
Next by Thread:  [Snort-users] Question about rule numbers and Syslog, Truax, Shawn (MBS)
Indexes:  [Date] [Thread] [Top] [All Lists]