Law, spam, and 4899/tcp

Published: 2004-04-09
Last Updated: 2004-04-09 23:37:01 UTC
by William Stearns (Version: 1)
0 comment(s)

Friday April 9th, was moderately busy; there was some discussion
on a new french law. Scanning patterns were largely stable, with the
exception of 4899/tcp. A new Anti-spam resource was announced today.

A bugtraq post from K-Otic claimed that a new law in France
could make it illegal to post vulnerability information or hacking
techniques. The "loi pour la confiance dans l'economie numerique"
(loosely translated, the "Confidence law for the Digital Economy") is
claimed to make hacking and vulnerability posts illegal in France.

The handler's consensus seems to be that this may not be as
severe a law as K-Otic would seem to present. If your company or
organization does work in the realm of vulnerability analysis and has
branches in France, a french lawyer can get you much better advice than
you'll find on either the handler's list or Bugtraq.

A new anti-spam RBL was announced today. Jeff Chan noted that
the SURBL is now live. Unlike traditional RBL's which focus on the
sender domain or intermediate relays, this blocklist focuses on the
URL's embedded in spam messages. The SURBL pulls domains from recent
multiply reported spams and republishes them as subdomains of the
sc.surbl.org domain. See
http://www.surbl.org
for more information.

The sa-blocklist manual domain project will be live in this URL
RBL format within a few days.

Scott Fendley reports that scanning for 4899/tcp is quite heavy
at his location. Dshield confirms that 4899/tcp is spiking again after
a few quiet weeks.
http://isc.sans.org/port_report_graph.php?port=4899&width=350
There is speculation that there may be an exploit circulating for
Radmind.

Agobot is also scanning heavily.
---- Handler on duty, William Stearns wstearns@pobox.com
http://www.stearns.org/ (security papers and tools)
Keywords:
0 comment(s)

Comments


Diary Archives