Re: VOLKER--Re: Kids bypassing firewall via web proxy sites


comp.security.firewalls archive

From: Ansgar -59cobalt- Wiechers <usenet-2006@planetcobalt.net>
Date: Mon Mar 20 2006 - 01:47:44 CET

Moe Trin wrote:
> On 19 Mar 2006, in the Usenet newsgroup comp.security.firewalls, in article
> <441d3269@news.uni-ulm.de>, Volker Birk wrote:
>> And perhaps you ought to spend a few minutes reading section 2.1.1 of
>> RFC1036, Moe.
>
> 1036 Standard for interchange of USENET messages. M.R. Horton, R.
> Adams. December 1987. (Format: TXT=46891 bytes) (Obsoletes RFC0850)
> (Status: UNKNOWN)
>
> Why don't you read RFC2036 then? Or perhaps you haven't bothered to
> implement RFC3514 - it _is_ an RFC ya know.

You put "I'm an idiot" into a great many words, y'know.

In case you failed to notice: THIS IS USENET, so please re-read section
2.1.1 of RFC 1036 to learn why you're supposed to have your actual mail
address in the From line of any message you send.

> And you are incapable of creating your own local list? Re-read RFC2821
> section 7.7 - ALL OF IT.

Ummmm. So, which part of that section did you fail to understand? The
fact that this applies to relays (which in the case discussed here are
run by clueless morons who won't bother to implement sensible
filtering)? Or are you suggesting that one should filter (perfectly
valid) NDNs? You gotta be kidding me.

>> All bounces which came in were OK. What do you want to achieve with
>> such a filtering?
>
> Again, read RFC2821 section 7.7. The bounces you complain about are
> due to clueless fools who accept all mail addressed to their domain
> irrespective of whether the recipient exists or not, then later
> discovering "Oppsie, I can't deliver this crap - I better tell the
> sender".

Which is perfectly valid for a relay. Please have a look at D.3 in the
scenarios section. That's of course why nobody (except for spammers)
wants open relays.

> Another subset are those who accept the mail, then run it past a virus
> checker or some such rot, and attempt to inform the purported sender
> that the mail is somehow infected (even when the virus checker KNOWS
> that the specific virus they claim to have detected forges the
> headers).

Which is utterly stupid. But nonetheless keeps happening.

> I see no reason to accept any mail from such a b0rked domain. Neither
> do our users. When these domains try to connect, they get a 553 at the
> HELO/EHLO stage directing them to a web page that explains why, and
> gives both a phone number and snail-mail address if they want to
> discuss it. We get very few complaints.

Good for you. However, some of us can't do that as easily without
violating local laws. Blacklisting is a *very* two-edged sword.

cu
59cobalt

-- 
"If you think technology can solve your security problems, then you
don't understand the problems and you don't understand the technology."
--Bruce Schneier
Received on Mon May 1 00:59:50 2006