Posts tagged ‘Comcast’

Comcast to warn of infected machines

This week numerous sources reported on news that Comcast will deliver popups to alert customers with infected machines.
I agree with Phil Lin, marketing director at network security firm FireEye Inc., as reported in the linked AP story above: if this catches on, we’ll soon see this used in socially engineered attacks.
According to Brian Krebs in his Washington Post blog Security Fix, the alert is a

“so-called ‘service notice,’ a semi-transparent banner that overlays a portion of whatever page is being displayed in the customer’s Web browser. Customers can then either move or close the alert, or click ‘Go to Anti-Virus Center,’ for recommended next-steps, which may include downloading and running the McAfee anti-virus tools the company offers for free, or purchasing a cleanup package and allowing a Comcast technician to attempt to remotely diagnose and fix the problem.”

I’d love to see an escalation so that ignored notices eventually put you in a walled garden until remediation occurs.
There is debate in the industry about the responsibility of the ISP. Techies want a pipe. They don’t use the ISP’s email server, web hosting, or news server. They don’t want blocked ports or managed traffic. There is another side that demands a clean pipe. I’ve seen this more in the business area, where a business ISP partners with a Security as a Service vendor to clean up or monitor the Internet traffic. John Pescatore takes this position in his post, saying that warning about a problem isn’t as good as preventing the problem from reaching the user in the first place.
I think it’s good to see an ISP want to be a good citizen. ISPs want to be more than just dumb pipes. Trying to clean up the neighborhood is a good start. This is a logical next step from blocking ports such as outbound SMTP other than through the ISP’s mail server.

Comcastic SMTP Servers

One of our users complained that they did not receive a highly critical piece of email sent from a Comcast user. Other addresses on the recipient list at our company did receive the message.
Checking the logs, we see that the recipients on the TO line of the email did not receive the message, but recipients that were CCed did receive the message.
One of the mail admins has Comcast, so he logged in and sent himself a couple of test messages. Sure enough, he received an error code 4.1.1. He tried again, this time putting his address as a CC and another address in the TO field. He was able to reproduce the user’s problem.
From googling, I see that some users were getting that error message when sending to certain domains back in February. It turned out to be a temporary problem for them. Not sure what that’s all about.

CBL List (partially) Blocks MessageLabs

Looks like the shoe is on the other foot. Last week I was chortling that MessageLabs was tarpitting Google in an automatic response to Gmail sending out so much spam. Now some of MessageLabs’ IPs have been blocked by the CBL. Apparently that is rather widely used. I’ve already seen rejections from Cox and Comcast. CBL is used in Spamhaus and other aggregate blocklists as well.
MessageLabs has reported they have worked with CBL to resolve the issue. The latest update of the CBL has removed this block.

Comcast’s SMTP disconnects ineffective

Back on May 24th I wrote about Comcast’s plan to combat spam originating on its network. Comcast reported that they planned to terminate the ability of some users to send mail out via port 25. Unlike Cox Communications, which turned off port 25 for all customers, forcing them to use Cox’s SMTP server, Comcast only did this to users who appeared to be used to send high amounts of spam.
News.com reports that spam from Comcast has dropped 35 percent since that time.
The news.com article played it evenly, but I felt that Comcast was trying to trumpet this as a great victory. To my way of thinking, that it only dropped 35% shows that targeted disconnects are effective or aren’t being done aggressively enough. Comcast should just do what the other major providers have done already. Cut off port 25 to all. That will stop 100% of the Comcast spam, not just 35% of it. If they want to be nice, they can then turn 25 back on for the people who really need it.
As a disclaimer, my ability to send mail outbound not using Cox’s server has been cut off by Cox. At the time, I didn’t like it. But now, I think it’s just good internet citizenship. Too many trojaned home systems are spewing forth spam. It’s got to stop.

Comcast plan to stop Spam

Comcast’s users have been one of the largest sources of U.S. originated spam. Other large ISPs (Cox and AOL) have taken to blocking end user access to any mail server other than their own on port 25. While this was annoying at first, there were many workarounds available for most users. As a Cox customer it annoyed me to no end that Comcast customers were protected from Cox spam, but we weren’t protected from Comcast spam.
Now, Cox has finally decided to take some action. They feel that blocking outbound 25 to all users would result in too many calls to their call centers, so they are going to be blocking 25 to computers that send out an unusual amount of email. Since a user is breaking the terms of service, I think this is an acceptable action. It doesn’t paint all users with a broad brush the way the Cox action did.
I tend to say let’s wait and see. It seems to me that this policy by definition will allow spam out before the computer is blocked. This is still a great improvement over what they were doing.