The Net Effect By Simson Garfinkel June 2002 A U.S. shield against foreign spam and hackers: national security or censorship? By the time you read this, I should be filthy rich. I recently received an e-mail that claimed to be from a high-ranking Nigerian official who had discovered some funds stolen by Nigeria’s former military government. The bank account holding this money, I read, could be used only to transfer the funds abroad. All I needed to do was respond with the name of my bank, my bank account number and some personal information. In return, “Dr. Ahmed” would wire me 35 percent of the trapped $41 million. Rest of article here: http://www.technologyreview.com/articles/garfinkel0602.asp . PeteNote: I do not agree with anyone besides myself limiting information-flow on my computer. However, that said, i find this part of the article very thought-provoking: "At a computer conference I attended last summer, one speaker held up a sign that showed a block of Internet addresses that were assigned to Asia. The numbers were surrounded by one of those red circle-and-slash marks. The speaker had gotten so tired of the constant probes, attacks and junk e-mail from those addresses that he had simply cut off their access to his computers. “Asia: just say ‘no,’” he said. If this mood spreads, Internet service providers might begin to offer geography-based blocking as a value-added service." I've noticed quite the same thing myself, here - almost all probes that have no business probing anything on my system or in my neck-of-the-woods does originate from overseas. My question is, don't most good firewalls already contain a way to block entire ranges of IP addresses? If you don't want any traffic from Mexico, say, is there a way to find out and block anything from every single IP address there? Seems preferable to having either the government OR the ISP's do it - they have a tendency to paint with a pretty broad brush (not to mention to the stupidity-factor involved). Thoughts? Pete
He's not the only one. I receive two a day and each time from two new Nigerians. Never had klez in their emails so at least they haven't had their Outlook accounts hijacked. Then, I get original letters at my office from Nigerians wishing to transfer 10-20 million US to my institutiion's account. The hand written letters are quite verbose seeing as they just want to transfer the cash. Actually, I received a new email version this weekend asking me to participate in a "job opportunity".
Oh, you didn't get the new version yet of the so-called American militaries wanting to transfer moneys from Afghanistan? Very careful with that one.
Hey, Jooske, how's it going? I received that very "plea" yesterday when I got back from a trip. I can see some people falling for that, it's pretty well done and convincing. Sad. John Luv2BSecure
Hi again! I'm not sure about the connections between the Nigerian and the Afghan Americans, might be the same organisation, but it is known the latter is very impatient and better be very careful. Look at the Scambusters website, and the other links: http://www.scambusters.org http://www.scambusters.org/NigerianFee.html http://www.nigerianfraudwatch.org http://story.news.yahoo.com/news?tmpl=story&u=/zd/20020523/tc_zd/5108178 http://www.siliconvalley.com/mld/siliconvalley/news/3319360.htm Once on the scambuster sites, you might like in the meantime to check those "urban legends/hoaxes (we are a security forum here, aren't we?) http://www.scambusters.org/legends.html http://www.snopes2.com http://www.howstuffworks.com/urban-legend.htm
The scam Pete mentions has been ongoing for no less than three years........never has anyone been arrested or even questioned......furthermore...numerous people have actually fallen for this garbage.....there was a write-up on this particular scam early last year. my firewall does not allow blocking of sub-ranges or individual ip's.....for this I use other means...however, this should be a provided feature in all firewalls imo. tired of this sort of nonsense I recently had a very frank conversation with my internet service provider.....ironically at the very same time the provider had one of its pipelines under attack and jammed....... dramatic changes have made internet useage a subject that needs addressing in a major way.....far to much has been tolarated by computer users worldwide......an yes definitely most of the scans I receive are from china or korea.........at the very least 80% over the years I have found the peoples of these countries to be intelligent....culturally advance and extremely well mannered.......so whats with the scanning? its far to many scans for far to long a time to just be considered normal behavior..... I don't play the "buy me I'm better" software game...either a software vendor provides a good product or he can eat it for lunch.....firewalls can be made to prevent "country" scanning.....some may already do so.....mine does not.......that means I wont purchase the same firewall again.........my money stays in my pocket until I get want I need.......the "scams"..scans....hack attacks...whatever...let em roll........no the government need not do anything...nothing at all.....when a few vendors go bankrupt the others will provide us with what we need to protect our computers......or also go bankrupt........ snowman
I'd be pissed if the gov decided to get into the censorship biz. We don't like censorship in Canada. Only Hate literature is worthy of censorship. On our tv channels, we can have nudity and the 'F' word if we want. I would expect the US to lead the censorship rally. Ban all communication with Cuba, North Korea, VietNam, China, etc, etc. My firewall can block ranges of IPs with no problem. Just one reason why a rules based firewall llike Kerio/Tiny is my choice. So can my operating systems. If you use NT, W2K, XP so can you. If you use Linux so can you.
(The crowd waits in hushed anticipation for Unicron to go about explaining - in detail and in an easily-understandable fashion - exactly how we can do that!). Hey, snowman! You registered-and-posting member you! Welcome and glad to see everything is working for you now! Pete
I will but it will have to wait till later. Now that I think about it, that might be a server feature. I'll look into it and report back. Can someone verify if TCP/IP filtering is available under "advanced" options of the Internet protocol (TCP/IP) properties for worksation versions of NT/W2K/XP?
This is interesting. Not only do the Nigerians send by e-mail but also by fax. We got one at our office about a month ago. We sent it to the police. Internet Scambusters have some good articles on this one. I'm checking on Unicron's question. (So, you say "eh?" at the end of sentences too...eh?)(Pronounced as long A.) Yeah, I'd be very interested in blocking undesirable addresses, not just foreign ones, but all those computers that are still infected with the SQL Server Worm! I send thirty or so off to DShield every couple days. Is there any way to turn off the Zone Alarm message alerts without compromising the program? I'm tired of clicking them or they show up when I'm typing and then all typing stops! AAARRRGGGHHH!
TCP/IP Filtering on Wkstns Its there in W2K Pro. Looking at it, you can build your very own little firewall by allowing only certain ports on TCP, UDP, IP Protocols. Looks like it works only on inbound - rather proves the point that XP's firewall is just marketing hype of a feature that was there before. It doesn't look as if it will block out IP addresses, 'tho...... just ports
Spy 1.......yupper got it working thanks to your help......man the ye ole computer sure choked on that first cookie...poor thing didn't know what to make of it! Prince.....just go to "alert" an un-check "show pop-up window" Unicorn...no excuses..give us the instructions LOL actually this is a subject that should really be discussed indept imo......it certainly could be extremely useful to block certain sub-ranges.......I can block the connections...but still get the scans. questions: is it possible to use the windows HOST to block an entire sub-range? that feature I notice is not used by alot of people......127.0.0.0 XXX XXX XXX an no proxy needed. second question.....once an abuse notice has been sent to an offending ip..an no action is taken by the ip to stop an attack (an outright attack..not just a random scan) what would be considered the proper next move.... the fact is..most of the scans are rather meaningless.....many are from "victim" machines......an if we are doing our homework our computers should be protected........an it certainly is not wise to go toe to toe with a real hacker...........suggestions anyone. snowman
Thanks snowman. It must be this flu. Makes me miss stuff. I have posted Unicron's TCP/IP filtering question on a private computer "geek" site and also to their top man by e-mail. Something has occurred to me. Wouldn't the Restricted Sites section of the Internet Security Options cover this? Or will that only work for websites? Looking forward to further posts.
The top man got back to me. There are no advanced options (yet) for filtering TCP/IP addresses. Can only filter ports. But that does not mean that it cannot be done. Could such an idea work as a program in a hardware filter? Perhaps an older model computer could be dedicated totally to this procedure. Firewalls are set up that way. Maybe we just need to get creative on this one. Need I say that success in this application could be a security gold mine? I got into programming once before. Thoroughly enjoyed it, but there's lots more to learn this time. I'm seriously considering it though. I love to build things that really work!
Perhaps a network card that has its bios flashed to be unable to contact certail IP ranges? Could be done. Easier would be to use a linux Slackware or freeBSD box to run the super-configurable IPchains on it to create a hardware firewall. Easier still would be to buck up and use a rules based software firewall like TPF/KPF. Even if you build some rules to allow EVERYTHING accept any for of connection to certail IP ranges, and then used your other firewall of choice to handle other stuff (if you can'l live without it) So far Outpost is the only firewall I've tried that doesn't play nice with other firewalls. Sygate and TPF/KPF combo works as does a ZA and KPF/TPF combo. One may wonder why you'd need the others at all......
Oh well. There go the dreams of being rich beyond those of avarice, but maybe we can benefit some people. We are not going to re-invent the wheel. So, it is possible with some work. Let's keep at it anyway. Would flashing the bios of a network card be rigid (carved in stone) or flexible (like fractal geometry)? It would need flexibility. Hmmmm.
Not hard, not soft...firm. That means it wouldn't be burned into the hardware as ROM, but not configurable with the normal means using software. (that would defeat the point). But, like the bios of your MB or Vidcard, it is ROM that CAN be changed, but not through normal means. Honestly I do not see a market for this type of product. Too may easier ways as described above.
What would be some easier or better still the easiest way? Something you can change as needed but still does the job. Invention is not always making something new, but doing something different with available methods. When I was 16 years old I got my picture in the newspaper because I was riding my bike in our City Park wearing stereo headphones and listening to music on a tape player. At that time it was a novelty. It never occurred to me to register my idea. Five years later Walkmans came out. Do you see the point?
