Date: Sun, 01 Dec 2002 17:41:32 -0400   
   From: KEN CURTIS   
   To: DAVE GOURD   
   Subject: RE: cheap and easy firewall   
   Newsgroups: win.server.wish.list   
   Message-ID: <1038782492.33.1037721428@winserver.com>   
   References:  <1037721428.33.0@winserver.com>   
   X-WcMsg-Attr: Rcvd   
   X-Mailer: Wildcat! Interactive Net Server v7.0.454.5   
   Lines: 57   
      
   I use Sygate Personal Firewall (free for personal use) and it can block IP    
   and or ports.   
      
   Ken   
   On 12/1/02 5:40 PM, DAVE GOURD wrote to HECTOR SANTOS:   
      
   -> Is there any that a very simple "firewall" or local blocking list   
   -> could be added to protect from smtp probes?       
   ->    
   -> For example, if a lot of probing comes from a certain IP, a sysop could   
   -> manually add it to a 'deny' list which would not allow delivery of    
   -> mail or attempts to deliver mail trying to verify valid email   
   -> accounts which are later found on the newest "29 million e-marketing    
   -> addresses for $149.99" CD's. (they don't pay me for letting them steal   
   -> the addresses)   
   ->    
   -> The list could updated at the admins discretion if the issues are   
   -> resolved.   
   ->    
   -> I know there are firewalls and routers to do this, but something simple   
   -> to stop or at least slow down this activity from known abusers via a   
   -> local list could be MOST helpful.    
   ->    
   -> The rbl built-in capabilites work great, but as many of us know these   
   -> lists are not perfect and often either overkill or very short of hitting   
   -> the target.    
   ->    
   -> This would help stop the harvesting of email addresses via wcsmtp.   
   ->    
   ->    
   -> Right now I could use something like this, have been getting killed with   
   -> 24/7 dictionary probes. I don't mind the oversized log files as much as   
   -> the fact that since 11/01/2002, 6 of our accounts were verified this   
   -> way and 2 of those started getting spam yesterday.   
   ->    
   -> Reporting the network abuse to ISP's is both labor intense and many   
   -> times as effective as pounding sand up one's butt.    
   ->    
   -> The spamrbl works great IF the ip's are listed, and getting them listed   
   -> seems to be a lot like hunting for bigfoot or the loc ness monster, and   
   -> as sometimes known good ip's are listed and blocked ONLY because the are   
   -> part of a netblock/dialup pool and not as a separate IP.   
   ->    
   ->    
   -> I don't really want to go through the hassle of learning firewalls right   
   -> now and the machine resources overhead, and can't justify the expense of   
   -> good hardware.    
   ->    
   ->    
   -> Thoughts or ideas?   
   ->    
   -> --   
   -> Dave   
   ->    
   ->    
      
       
   --- Platinum Xpress/Win/WINServer v3.1   
    * Origin: Prison Board BBS Mesquite Tx  //telnet.RDFIG.NET www. (1:124/5013)