From owner-freebsd-security@FreeBSD.ORG Wed Jun 6 10:41:49 2007
Date: Wed, 06 Jun 2007 03:41:44 -0700
From: sam garcia
To: remko@elvandar.org
Cc: freebsd-security@FreeBSD.org
Subject: Re: security weakness

Hello Remko: sorry to bother you again, after e mailing
freebsd-security@FreeBSD.org mailing list, got a reply by the list
moderator rejecting my message, stating that there is no valid message
from that address, suggesting yet another email address, it doubts the
authenticity of your recommendation

Remko, you suggested I should look into securing my emailserver
installation by preventing unauthorized access. you are of the
opinion that ICMP PING is not the cause of spam mailrelaying. could I
ask you if my Apple mac is any risk due to the PING portal being open?
if so would you advise me on what to do?

Thanks again.
Sam

On Sunday, June 03, 2007, at 11:30PM, "Remko Lodder" wrote:
>Hello Sam,
>
>First of all thank you for taking the time to email the FreeBSD
>Security Team. I feel however that this is not the right place
>to help you out here. I think you are better off on the
>freebsd-security@FreeBSD.org mailing list instead of the Security Team.
>
>That said: If your email server was being abused by someone you
>need to look into securing your email server installation by
>preventing unauthorized access (only relay for domains that
>you own and are authoritative for, deny the rest), ICMP PING is
>most likely (in my opinion) not the cause of your server being
>abused of spam mail relaying.
>
>Good luck resolving this issue!
>
>On Fri, June 1, 2007 5:23 pm, sam garcia wrote:
>> hello secteam: would like to report a security weakness spotted in a
>> security check by my broadband server tiscali.
>> security was prompted by inability to send new mails through tiscali mail
>> system, had to change password with them, caused by feed back from cantv.com,
>> it informed me that my email was used to send junk mail through tiscali.
>> security check spotted the icmp,ping portal open to hackers, as i am
>> novice in computers, would like to ask your advice, please could you help?
>> many thanks.
>> sam garcia
>
>
>--
>Kind regards,
>
>     Remko Lodder                   ** remko@elvandar.org
>     FreeBSD                        ** remko@FreeBSD.org
>
>     /* Quis custodiet ipsos custodes */
>
>

From owner-freebsd-security@FreeBSD.ORG Wed Jun 6 13:18:01 2007
Date: Wed, 06 Jun 2007 14:42:57 +0200
From: Fabian Wenk
To: sam garcia, freebsd-security@freebsd.org
Cc: remko@elvandar.org
Subject: Re: security weakness
Message-ID: <4666ABD1.2070100@wenks.ch>

Hello Sam

Is this computer running FreeBSD or Mac OS X?

If a computer does answer ICMP PING requests, then this is not a
security problem.
Even if turned off this will not really help in protecting it from
abuse (if there are ways to do it).

Do you run a mailserver on the computer which tiscali spotted as a
source of spam? If not and this is just your desktop computer, then
something else (eg. a program) running on your computer does send out
spam. This could happen through several methods.

If your computer could have been infected by a virus (or could have a
break in), then it would be a good idea to do a fresh install from the
install CD/DVD.

To keep your computer secure you should install all available security
updates for the Operating System and also for all installed
applications. It is also highly recommended to have good passwords for
the accounts on the computer.

Did you install or enable any applications / services which run as a
server and can be reached from the whole internet? Could this be abused
because of a missing or weak password?

These are just some hints to check out. I can not really help you
any further, as this is too time consuming to do with a computer
novice and without direct access to your computer. It would be
better if you get some professional computer support in your area,
which could be able to find the real source of your problem with
the sending out of spam.

bye
Fabian

From owner-freebsd-security@FreeBSD.ORG Wed Jun 6 15:30:46 2007
Date: Wed, 06 Jun 2007 17:30:44 +0200
From: Dag-Erling Smørgrav
To: sam garcia
Cc: freebsd-security@FreeBSD.org, remko@elvandar.org
Subject: Re: security weakness
Message-ID: <86fy55je1n.fsf@dwp.des.no>

sam garcia writes:
> Hello Remko: sorry to bother you again, after e mailing
> freebsd-security@FreeBSD.org mailing list, got a reply by the list
> moderator rejecting my message, stating that there is no valid message
> from that address, suggesting yet another email address, it doubts the
> authenticity of your recommendation

No, Remko was correct. However, freebsd-security is moderated, and only
subscribers may post there.

> Remko, you suggested I should look into securing my emailserver
> installation by preventing unauthorized access. you are of the
> opinion that ICMP PING is not the cause of spam mailrelaying. could I
> ask you if my Apple mac is any risk due to the PING portal being open?
> if so would you advise me on what to do?

I don't know what you mean by "PING portal", but no, ICMP echo request /
reply messages can not normally be used to relay spam.

In any case, your question has nothing to do with FreeBSD. If you
suspect a security problem with your Mac, I suggest you contact Apple or
a Mac users forum.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Wed Jun 6 23:27:24 2007
Date: Thu, 07 Jun 2007 00:46:24 +0200
From: "Julian H. Stacey"
To: Fabian Wenk
Cc: sam garcia, remko@elvandar.org, freebsd-security@freebsd.org
Subject: Re: security weakness
Message-Id: <200706062246.l56MkO9p080610@fire.jhs.private>

> Do you run a mailserver on the computer which tiscali spotted as a
> source of spam?

I distrust Tiscali.de (*)
Whether other Tiscalis are cohesive, I wouldn't know.

> These are just some hints to check out. I can not really help you
> any further, as this is too time consuming to do with a computer
> novice and without direct access to your computer. It would be
> better if you get some professional computer support in your area,
> which could be able to find the real source of your problem with
> the sending out of spam.

To find a consultant on your part of the globe:
	http://www.berklix.com/consultants/
	Geographically indexed Commercial Consultants Index
	(inc. pointer to FreeBSD Index now partly geographically indexed,
	but still not as rigorously as my index :-)

(*) I believe they once charged me for pre code phone calls I didn't make.
I created a unique email address to mail them complaint, (never used
with others, eg any Microsoft virally infested & spammer harvested PC
recipients). Very quickly, I got spams on the new unique address.

--
Julian Stacey. Munich Computer Consultant, BSD Unix C Linux. http://berklix.com