#1
Ping: Jeff Richards "Firewall vs Spam"

Jeff wrote:
"Stick with it. I think there's something interesting to discover, but I'm not sure what."
-- Jeff Richards MS MVP (Windows - Shell/User)

Jeff;

I think I have reconciled the paradox between what I was seeing and what was actually happening. The spam artists and phishermen I am blocking with the Kerio "Custom Address" prohibits are "e-mail spoofers". This probably made perfect sense to you and anyone else who understands firewalls. It took me a while to get comfy with SMTP lingo before I finally got the picture.

The "loopback" rule in Kerio's program simply weeds out these spoofers because they are injecting themselves at unsanctioned ports. As I understand it, this app takes a second look at the appropriate packet and if the right port number, i.e. 25, isn't indicated, it bounces the whole shebang.

Because I was getting so many attempted spoofs from RIPE and APNIC compared to other spam, it gave the appearance that I was selectively blocking the spammers and phishers trying to stuff my OE Inbox. I have no way of knowing if spoofing is a significant problem for other W98 users. If it is, then hopefully this thread might be of some help in dealing with it.

Happy New Year, and thanks,
rooster

Note: I am still unable to respond in the original thread, but I would appreciate any further comments you might have.
#2
That makes sense, except that I suspect it is actually e-mail spoofing probes - they are looking for security holes that would allow them to take over the machine and implement spoofing.
--
Jeff Richards
MS MVP (Windows - Shell/User)

"rooster" wrote in message ...

Jeff wrote: "Stick with it. I think there's something interesting to discover, but I'm not sure what." -- Jeff Richards MS MVP (Windows - Shell/User)

Jeff; I think I have reconciled the paradox between what I was seeing and what was actually happening. The spam artists and phishermen I am blocking with the Kerio "Custom Address" prohibits are "e-mail spoofers". This probably made perfect sense to you and anyone else who understands firewalls. It took me a while to get comfy with SMTP lingo before I finally got the picture. The "loopback" rule in Kerio's program simply weeds out these spoofers because they are injecting themselves at unsanctioned ports. As I understand it, this app takes a second look at the appropriate packet and if the right port number, i.e. 25, isn't indicated, it bounces the whole shebang. Because I was getting so many attempted spoofs from RIPE and APNIC compared to other spam, it gave the appearance that I was selectively blocking the spammers and phishers trying to stuff my OE Inbox. I have no way of knowing if spoofing is a significant problem for other W98 users. If it is, then hopefully this thread might be of some help in dealing with it. Happy New Year, and thanks, rooster

Note: I am still unable to respond in the original thread, but I would appreciate any further comments you might have.
#3
Jeff;

That makes sense to me, now. Thanks for the 'hand holding' while I sorted this out. It makes me wonder, though, what was happening before I started "denying" them and they were, presumably, making it as far as my Inbox notices? Would that constitute a successful probe?

rooster
#4
The only thing I can think of is coincidence - they were spamming you at about the same time as they were probing for a security hole. Typical spoofing is kept secret from the operator of the machine being spoofed - they don't want to alert you to the fact that they have found a hole.

OTOH, it might not be spoofing - they might have used the hole to deposit messages into your inbox. This is a much less serious security issue, as it affects your machine only. In that case, blocking the probes would have stopped the messages. AFAIK, the same security hole cannot be used for both purposes.
--
Jeff Richards
MS MVP (Windows - Shell/User)

"rooster" wrote in message ...

Jeff; That makes sense to me, now. Thanks for the 'hand holding' while I sorted this out. It makes me wonder, though, what was happening before I started "denying" them and they were, presumably, making it as far as my Inbox notices? Would that constitute a successful probe? rooster
#5
Jeff;

Since the spam from those sources stopped when I defined the appropriate "Deny" rule, I deduce that they were using spoofing to get stuff into my inbox. Fortunately, none of it was ever opened. You've been a great help.

rooster