• cheap and easy firewall

    From DAVE GOURD@1:124/5013 to All on Thu Jan 31 19:10:38 2019
    Date: Tue, 19 Nov 2002 10:57:08 -0400
    From: DAVE GOURD
    To: HECTOR SANTOS
    Subject: cheap and easy firewall
    Newsgroups: win.server.wish.list
    Message-ID: <1037721428.33.0@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 49

    Is there any that a very simple "firewall" or local blocking list
    could be added to protect from smtp probes?

    For example, if a lot of probing comes from a certain IP, a sysop could manually add it to a 'deny' list which would not allow delivery of
    mail or attempts to deliver mail trying to verify valid email
    accounts which are later found on the newest "29 million e-marketing
    addresses for $149.99" CD's. (they don't pay me for letting them steal
    the addresses)

    The list could updated at the admins discretion if the issues are
    resolved.

    I know there are firewalls and routers to do this, but something simple
    to stop or at least slow down this activity from known abusers via a
    local list could be MOST helpful.

    The rbl built-in capabilites work great, but as many of us know these
    lists are not perfect and often either overkill or very short of hitting
    the target.

    This would help stop the harvesting of email addresses via wcsmtp.


    Right now I could use something like this, have been getting killed with
    24/7 dictionary probes. I don't mind the oversized log files as much as
    the fact that since 11/01/2002, 6 of our accounts were verified this
    way and 2 of those started getting spam yesterday.

    Reporting the network abuse to ISP's is both labor intense and many
    times as effective as pounding sand up one's butt.

    The spamrbl works great IF the ip's are listed, and getting them listed
    seems to be a lot like hunting for bigfoot or the loc ness monster, and
    as sometimes known good ip's are listed and blocked ONLY because the are
    part of a netblock/dialup pool and not as a separate IP.


    I don't really want to go through the hassle of learning firewalls right
    now and the machine resources overhead, and can't justify the expense of
    good hardware.


    Thoughts or ideas?

    --
    Dave

    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
  • From KEN CURTIS@1:124/5013 to All on Thu Jan 31 19:10:38 2019
    Date: Sun, 01 Dec 2002 17:41:32 -0400
    From: KEN CURTIS
    To: DAVE GOURD
    Subject: RE: cheap and easy firewall
    Newsgroups: win.server.wish.list
    Message-ID: <1038782492.33.1037721428@winserver.com>
    References: <1037721428.33.0@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 57

    I use Sygate Personal Firewall (free for personal use) and it can block IP
    and or ports.

    Ken
    On 12/1/02 5:40 PM, DAVE GOURD wrote to HECTOR SANTOS:

    Is there any that a very simple "firewall" or local blocking list
    could be added to protect from smtp probes?

    For example, if a lot of probing comes from a certain IP, a sysop could manually add it to a 'deny' list which would not allow delivery of
    mail or attempts to deliver mail trying to verify valid email
    accounts which are later found on the newest "29 million e-marketing addresses for $149.99" CD's. (they don't pay me for letting them steal
    the addresses)

    The list could updated at the admins discretion if the issues are
    resolved.

    I know there are firewalls and routers to do this, but something simple
    to stop or at least slow down this activity from known abusers via a
    local list could be MOST helpful.

    The rbl built-in capabilites work great, but as many of us know these
    lists are not perfect and often either overkill or very short of hitting
    the target.

    This would help stop the harvesting of email addresses via wcsmtp.


    Right now I could use something like this, have been getting killed with 24/7 dictionary probes. I don't mind the oversized log files as much as
    the fact that since 11/01/2002, 6 of our accounts were verified this
    way and 2 of those started getting spam yesterday.

    Reporting the network abuse to ISP's is both labor intense and many
    times as effective as pounding sand up one's butt.

    The spamrbl works great IF the ip's are listed, and getting them listed seems to be a lot like hunting for bigfoot or the loc ness monster, and
    as sometimes known good ip's are listed and blocked ONLY because the are part of a netblock/dialup pool and not as a separate IP.


    I don't really want to go through the hassle of learning firewalls right
    now and the machine resources overhead, and can't justify the expense of good hardware.


    Thoughts or ideas?

    --
    Dave




    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
  • From DAVE GOURD@1:124/5013 to All on Thu Jan 31 19:10:38 2019
    Date: Sun, 01 Dec 2002 20:40:41 -0400
    From: DAVE GOURD
    To: KEN CURTIS
    Subject: RE: cheap and easy firewall
    Newsgroups: win.server.wish.list
    Message-ID: <1038793241.33.1038782492@winserver.com>
    References: <1038782492.33.1037721428@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 71

    Thanks Ken-

    I saw that in a web search, wasn't sure from the descriptions and info
    if I could simply block specific IP's. I might try it.

    It still would be nice though if we had some 'cheap & easy' setting/list
    within the SMTP configs.

    --
    Dave



    I use Sygate Personal Firewall (free for personal use) and it can
    block IP and or ports.

    Ken
    On 12/1/02 5:40 PM, DAVE GOURD wrote to HECTOR SANTOS:

    Is there any that a very simple "firewall" or local blocking list
    could be added to protect from smtp probes?

    For example, if a lot of probing comes from a certain IP, a sysop manually add it to a 'deny' list which would not allow delivery of
    mail or attempts to deliver mail trying to verify valid email
    accounts which are later found on the newest "29 million e-marketing addresses for $149.99" CD's. (they don't pay me for letting them s
    the addresses)

    The list could updated at the admins discretion if the issues are resolved.

    I know there are firewalls and routers to do this, but something s
    to stop or at least slow down this activity from known abusers via a local list could be MOST helpful.

    The rbl built-in capabilites work great, but as many of us know these lists are not perfect and often either overkill or very short of h
    the target.

    This would help stop the harvesting of email addresses via wcsmtp.


    Right now I could use something like this, have been getting kille
    24/7 dictionary probes. I don't mind the oversized log files as mu
    the fact that since 11/01/2002, 6 of our accounts were verified this
    way and 2 of those started getting spam yesterday.

    Reporting the network abuse to ISP's is both labor intense and many
    times as effective as pounding sand up one's butt.

    The spamrbl works great IF the ip's are listed, and getting them l
    seems to be a lot like hunting for bigfoot or the loc ness monster
    as sometimes known good ip's are listed and blocked ONLY because t
    part of a netblock/dialup pool and not as a separate IP.


    I don't really want to go through the hassle of learning firewalls
    now and the machine resources overhead, and can't justify the expe
    good hardware.


    Thoughts or ideas?

    --
    Dave




    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)