Re: Illegal use of my server??

From: Benjamin Krueger (benjamin_at_seattlefenix.net)
Date: 05/19/03

    Date: Mon, 19 May 2003 11:33:24 -0700
    To: Bryan Vyhmeister <bsd@hub3.net>
    
    

    * Bryan Vyhmeister (bsd@hub3.net) [030519 11:19]:
    > I don't quite understand what happened. How was Squid used to relay
    > mail? I'm glad this thread came up because I am just about to deploy a
    > Squid cache.
    >
    > Bryan

    It happened because somebody just dropped a proxy server on their network
    without fully considering the consequences of their action. They didn't bother
    to properly design an access control list, and because it is available on
    the public internet, a spammer found it and began to use it for their
    spamming ventures. Technically, a proxy server can proxy many different
    TCP services. This includes SMTP, IRC, Messaging services, and others.

    Now somebody is very upset at his mistake, and is looking to "pursue each
    ISP in attempts to track down the guilty parties". Unfortunately, he is
    ignoring the person who had the most power to prevent this situation. Himself.

    Live, learn, realize that you made a mistake configuring your proxy server,
    and get back to working. Unless your business is that of hunting spammers,
    it really will not be worth your while to waste money and time chasing ISPs
    and shadows of spam fiends.

    >
    > >The Squid package and port should have a *big* warning sign on them
    > >about this.
    > >I know of at least one network that was blacklisted due to the lack of
    > >tight
    > >ACLs on Squid.
    > >
    > >On Monday, May 19, 2003, at 01:09 PM, Tony Saign wrote:
    > >
    > >>Any legal gurus out there??
    > >>
    > >>Long story, but I'll summarize;
    > >>
    > >>On Friday 05/16 my T1 went down.
    > >>In troubleshooting attempts it was discovered that a machine, on my
    > >>network was being used maliciously.
    > >>Not hacked, but Squid was being used to relay mail (i.e. SPAM).
    > >>The machine was immediately brought down, and Squid was disabled.
    > >>
    > >>I received a call from my ISP, and they are NOT happy.
    > >>Looking @ the logs, it appears that several thousand SPAM emails may
    > >>have been sent.
    > >>
    > >>What should I do? Can I pursue each ISP in attempts to track down the
    > >>guilty parties?
    > >>Can I take any legal action against them?
    > >>This is the last straw! I'm so frickin' sick of SPAM, and now people
    > >>potentially got some w/ my IP address!
    > >>Grrr!!!
    > >>
    > >>Any suggestions, advice would be greatly appreciated.

    Lock down your proxy server, live and let live. Make things right with your
    ISP, assure them that you won't be making a proxy server mistake again. Be
    certain that you fully consider the consequences of deploying public services
    to your network in the future.

    -- 
    Benjamin Krueger
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
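
An added example, not part of the original message: a small audit of Squid's native access.log that flags the two conditions described above, requests served to clients outside your own networks and CONNECT tunnels to ports other than HTTPS (port 25 being the mail-relay case). The allowed network, the safe-port set and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: networks allowed to use the proxy; replace with your own ranges.
ALLOWED_NETS = [ipaddress.ip_network("192.168.0.0/16")]
# Assumption: the only port a CONNECT tunnel should legitimately reach.
SAFE_CONNECT_PORTS = {443}

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1053369001.101    220 192.168.1.20 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/198.51.100.10 text/html
1053369002.450   1830 192.168.1.20 TCP_MISS/200 9034 CONNECT shop.example.org:443 - DIRECT/198.51.100.11 -
1053369003.007    512 203.0.113.7 TCP_MISS/200 1432 CONNECT mx.example.net:25 - DIRECT/198.51.100.25 -
1053369003.900    498 203.0.113.7 TCP_MISS/200 1398 CONNECT mx.example.com:25 - DIRECT/198.51.100.26 -
1053369004.210     12 203.0.113.9 TCP_DENIED/403 1021 CONNECT irc.example.net:6667 - NONE/- text/html
"""

def audit(log_text):
    """Return (findings, per-client counts) for requests the proxy served
    to outside clients or tunnelled to non-HTTPS ports."""
    findings, by_client = [], Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip malformed or truncated lines
        client, action, method, url = fields[2], fields[3], fields[5], fields[6]
        if action.startswith("TCP_DENIED"):
            continue  # the ACL already refused this request
        reasons = []
        try:
            inside = any(ipaddress.ip_address(client) in n for n in ALLOWED_NETS)
        except ValueError:
            inside = False  # a hostname was logged instead of an address
        if not inside:
            reasons.append("client outside allowed networks")
        if method == "CONNECT":
            port = url.rpartition(":")[2]
            if not port.isdigit() or int(port) not in SAFE_CONNECT_PORTS:
                reasons.append("CONNECT to port " + port)
        if reasons:
            findings.append((client, url, reasons))
            by_client[client] += 1
    return findings, by_client

if __name__ == "__main__":
    for client, url, reasons in audit(SAMPLE_LOG)[0]:
        print(client, url, "; ".join(reasons))
```

Any finding means the access control list let the request through; the fix belongs in squid.conf, where `http_access` rules should admit only your own client networks and deny CONNECT to anything but the HTTPS port.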
    
