Home | Today's Headlines | Contact | New Sites | Job Centre | About

Reader Comments on Aardvark Daily 28 April 2003

Note: the comments below are the unabridged submissions of readers and do
not necessarily reflect the opinions of the publisher.

 

From: Tom Scott
For : The Editor (for publication)
Subj: Spam Busting

I read your mid day update and to say the least I am
mildly disappointed in you Mr Simpson. You have sunk to
the levels of the tabloid press.

Okay in the past you have exposed people etc. But never
have you publicly admitted to hacking. I find this coloumn
repolsive and makes me wonder how low you will go to get a
story.

Aardvark Resonds
Who said *I* hacked the email accounts?
Besides which, I find it very, very hard to have *any* sympathy for someone
who would spam tens of millions of people in an attempt to dupe them out
of their hard-earned cash.

Note: Tom informs me he's complained to Aardvark's sponsor in respect
to today's column.






From: Tony Levaggi
For : The Editor (for publication)
Subj: Paradise Cable modem IP Spoofing

I don't know if anyone else has experienced this. I have
Paradise Broadband via cable modem (not ADSL). I have a 10
GB monthly cap, but typically use a pathetic 60-200 MB. A
quick look at the Paradise web site usage meter today
showed that 'I' had used 2GB in the last 4 days, including
700+MB today whilst at work. You actually get an hourly
breakdown, including IP addresses. I know what you're
thinking, but my PC is not only turned off when not in use,
but I actually have to pull the power cable and network
cable out to close the desk lid. To add further intruige, I
was actually redecorating that room this weekend, so for
most of the weekend, whilst apparantly downloading 40-60MB
EVERY hour (nearly the limit for a 128KB connection), the
cable modem was unplugged from both the power and the coax
cables. The PC was also unplugged from the power and
network.

So I am unusually sure that it is not a poorly configured
PC or a virus/trojan. I phoned paradise and was assured
that my cable modem was 'definitely' turned on and they
quoted a MAC address of the PC currently connected to it:
10:08:0E:AA:BB:A0. I'm not sure that's even a valid MAC
address. They also assured me there was no firewall by
doing a port scan. I do have a firewall. Typically people
using file sharing networks have difficulty getting that to
work through firewalls. The traffic I have apparantly used
is all to clients with dns names referring to
dialup/dsl/cable. This tends to point to file sharing
networks. I am pretty certain that someone has managed to
impersonate the MAC address of my cable modem to get 'free'
traffic for their file downloads. I don't think the cable
modems, which Paradise configure, the home user doesn't
have any access, are capable of being remotely exploited to
act as open proxies etc. Anyway, it was definitely
unplugged for long periods while this traffic was occurring.

Paradise don't seem too keen to discuss this possibility,
but will scrub the traffic and give me a new IP address.
Has anyone else experienced anything like this?

Would I even notice anything other than a slower connection
if someone was using my cable modem's mac address? Is it
possible to use crafted ARP broadcasts to poison the router
tables, or would spoofing the MAC address on a configurable
cable modem work in itself, or using a broadband router
with a configurable MAC address? I don't think I'm ever
going to get any answers from Paradise. If it is too easy
to spoof a connection, it would probably be best not to
publish the answers!




From: John
For : The Editor (for publication)
Subj: Reply - Spam Busting

Today - I only got 17 spam e-mails in my main account, all
deleted and "Yes", I must be a boring friendless person!

Years gone by - I never got a spam email, so I must have
been even more boring!

A few years ago - I am confident in my allegation that my
ISP's mail server was hacked and whole groups of e-mail
account details were harvested (I can almost remember the
day), and my then daily spam intake slowly grew in volume
as my account details were disseminated across the network
of spam merchants.

A year ago - I gave up in the challenge of trace /
routing / dns lookup / reporting to their ISP of the
offending spammers' mail as the volume consumed too much of
my time. I gained some consolation in closing down a few
spammer's ISP accounts, but the volume of my failed invalid
retaliation attempts grew due to the increase in insecure
systems being hacked (particularly Korean edcuation
facilities using MS IIS... maybe a naive state trained MCSE
regime?)

Spam Busting - It must be emphasised that Aardvark has not
disclosed any involvement in hacking (password guess) the
mail accounts of today's subject alleged spammer (don't you
love the legally / politically correct choice of words?).
To whoever did, and then Aardvark for reporting it... "Good
on ya!". I support anyone who seeks to rid us of the curse
of unsolicited bulk mailing.

Now... if we only had a forwarding address service that
could effectively trace / route, report to insecure
system / complain to ISP, and intelligently chase down and
resolve the entry point of such spam... well there is a
businmess opportunity! ...e-mail client add-in, automated
trace, a few humans with passion... hmmm... how do you make
it pay?

Well... a big post for me.... I must be boring.






Hit Reload For Latest Comments

Now Have Your Say

Home | Today's Headlines | Contact | New Sites | Job Centre | About