Posted by CmdrTaco from the i've-seen-this-before dept.
Zendar writes "idg has an article about how students at the 151-year-old Tufts University were paid as little as $20/month to relay spam from computers in their dorms. Interestingly enough, the students approached the spammers about this scheme and not vice-versa."
This just proves these students aren't as resourceful as they could be. I for one, would have placed some sort of trojan on as many people's computers I could find, then sell ALL of their machine's use for spamming. I mean, I'm certainly not condoning spamming and I dislike it myself, but if you are going to do it, do it right....
Or got jobs as telemarketers (hell, most universities even run extensive official telemarketing systems to harass alumni for donations). If you're willing to telemarket, I don't see why you wouldn't be willing to spam. Sure it's less money, but it's also less work.
you and EVERY SINGLE OTHER PERSON I have ever spoken to that either sold them or made it through the first day of "orientation".
Though one could make a little money on it, it still smacked of a scam. What salesperson in their right mind would pay $500 to get started to sell anything door to door AND have to generate your OWN LEADS!!!
However, I didn't have to spend any more than $150 to get started (I must have had a benevolent leader).
It didn't take me long to quit. I still don't care for their marketing practices. However, the products are great (more than I can say about Amway's product line). I still have mine 12 years since I got them. They're still as sharp and shiny as ever. I even have an inherited set that's over 20 years old. They're in great shape also.
I'm going to risk sounding like a hypocrite. I say if you never bought Cutco knives, and someone approaches you to buy them, give them a try. Money worth spending. However, don't jump at the first offer. Make it a hard sell for them and get the maximum discount you can. Even offer a single amount, take it or leave it, just slightly below their final offer. You'll get a good set of knives, but at the same time you'll effectively discourage the wayward soul from continuing on that dastardly path. You'd be doing them a favor. There's plenty of youth around for Vector Marketing to continue the practice, just don't allow someone to get stuck in it.
My mom sold them. My mother-in-law gave us a few "extra" ones she had lying around.
They are great knives and I have no complaints whatsoever about their quality. If I had the money, I might even buy some myself.
But their tactics, not only for marketing, but especially recruiting is what p1ssed me off to no end. As a teen looking for a job, I called an ad for $15 an hour. They would not tell me what the job was. Perhaps this is a necessary tactic on their part as I NEVER would have bothered to waste my day to go to their seminar.
I likely would buy a couple of knives, but only when one of my friends or relatives corners me into buying them or risk bad feelings between us. Frankly, there are other high-end-ish knives out there that don't rely upon sales and lead generation by guilt.
Nice, thanks for the flashback. I sold Cutco knives for a couple months back in college. Made back what I paid to enter and a bit more but delivering pizzas was better pay (and steadier).
I still have my knives, and they still work great decades later (man I'm old).
Are they the ones who sell the "world's best knives"?
A friend in college asked me if I'd heard of the world's best knives. I told him no, but I owned the world's cheapest knives, so if they ever broke or went dull, it would cost me nothing to replace them.
What happened to the good old days when college students sold blood, sperm or surfed the web to earn beer money!
You know you are old when:
You had to work a real job to get money in college
People refer to the "good old days" and in your mind it was yesterday
There was no World Wide Web when you were in college (unless you count FTP, BBSs, and Gopher sites)
Your final paper in Computer Hardware Design was on the Pentium processor, and you could only find three sources because it wasn't due to be released for another 6 months.
You post on Slashdot recounting how old you are, hoping someone will think you are cool
And time to waste... and fewer inhibitions (amazing how college does that!)... so it's pretty easy to understand and believe. Oh well, most schools would yank your access for the rest of your time there. Not really worth $20/mo to me.
It's cheap, yes, but $20 is about 20 boxes of Mac & Cheese. For some students, this could probably feed them for 3/4 of the month.
Realistically though, profit depends on volume. Some few people probably masterminded the idea, and are taking part-profits somehow. If they skimmed $5 from 20 students with relays - that's $100/month. Still not a lot, but cheap for no work.
You must have failed College Math 101. Dollar amounts are to be clearly represented in Ramen noodle packets. Therefore, $20 = 160 packets = 160/3 meals per day = 1.8 months of good eatin'.
only 20 boxes of mac & cheese? I'm a college student and I sure as hell don't buy that kind of extravagant mac & cheese. Kroger regularly puts its "kroger brand" mac & cheese on sale for 25 cents a box!
Interesting that they tracked the individuals down using MAC addresses for computers in their dorms...
I've never heard of any other Uni having the foresight to record this and it seems like a valid piece of info to have to include in any registration document (as per cable modem setup)
No, they probably don't keep track of the MACs students are using, but it is relatively trivial to ask a managed hub or switch which MACs are on which port, ergo, which room the offender occupies.
At BGSU they started doing registration for the DHCP server via MAC in 1999 or 2000. When you started up after connecting your computer to the ethernet jack you would get a registration page. You would enter your student ID and your email login/passwd. Your MAC was recorded and a hostname that included your email id was given along w/a static IP. If you logged on from another port on campus it would show as a "roam" address but it still knew you were authenticated so it still knew your MAC.
If you wanted to register another computer you would either have to use someone else's student ID + login/passwd or call up the people for help.
A side note, they were less than familiar about doing it w/alternative OSs that did not automatically bring up the registration page. You either had to use Windows to do it or have them do it manually. I used Windows;)
A more subtle way is that the college you attend in Cambridge has already implemented this. The only problem with this approach is that all the alumni from Cambridge University think you're trying to associate yourself with their older and more established college.
My university (U of Guelph) attempts to record the MAC address, but their registration program that you must use when you first log on is buggy as hell and often easier to circumvent than to actually use. So I'm not sure how many MAC addresses they actually record.
Interesting that they tracked the individuals down using MAC addresses for computers in their dorms...
I've never heard of any other Uni having the foresight to record this and it seems like a valid piece of info to have to include in any registration document (as per cable modem setup)
You don't even need to copy it down at sign-up time... just take it out of the DHCP server logs, or the ARP tables on the building router, then look for the MAC address on a switch port in the hall switch. Provided you know your wiring -- and know what switch port goes to what dorm room -- you just narrowed your problem down to the spammer and his roommate.
(Why yes, I did used to be a sysadmin at a college with a bandwidth hogs problem.)
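The lookup described in the comment above (DHCP log, then switch MAC table, then wiring map), as an added example that is not part of the original thread. The log layout, the table layout, the port names and the room labels are all constructed assumptions; the example also handles an IP that was leased to different machines at different times.

```python
import re
from datetime import datetime, timedelta

# Everything below is constructed sample data; formats and names are assumptions.
DHCP_LOG = """\
2003-02-03T01:12:07 dhcpd: DHCPACK on 10.20.4.17 to 00:0c:29:aa:bb:01 (lappy) via eth1
2003-02-03T01:14:55 dhcpd: DHCPACK on 10.20.4.31 to 00:0c:29:aa:bb:02 via eth1
2003-02-03T09:40:12 dhcpd: DHCPACK on 10.20.4.17 to 00:0c:29:aa:bb:03 (newbox) via eth1
"""

MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 204    000c.29aa.bb01    DYNAMIC     Fa0/7
 204    000c.29aa.bb03    DYNAMIC     Fa0/7
 204    000c.29aa.bb02    DYNAMIC     Fa0/8
 204    000c.29aa.bbff    DYNAMIC     Gi0/1
"""

# Hypothetical wiring records: which switch port terminates in which room.
WIRING = {"Fa0/7": "Dorm A, room 214", "Fa0/8": "Dorm A, room 215"}
# Uplink ports carry MACs learned from other switches, so they never identify a room.
UPLINKS = {"Gi0/1"}

ACK_RE = re.compile(
    r"^(\S+) dhcpd: DHCPACK on (\d+\.\d+\.\d+\.\d+) to ([0-9a-fA-F:]{17})\b"
)


def normalize_mac(raw):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff regardless of input notation."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_dhcp_log(text):
    """Extract (timestamp, ip, mac) for every DHCPACK line, oldest first."""
    leases = []
    for line in text.splitlines():
        m = ACK_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1))
            leases.append((ts, m.group(2), normalize_mac(m.group(3))))
    return sorted(leases)


def mac_for_ip_at(leases, ip, when, max_lease=timedelta(hours=12)):
    """MAC that held `ip` at time `when`, or None if no lease covers that time.

    max_lease is an assumed lease length; an ACK older than that is treated as expired.
    """
    best = None
    for ts, lease_ip, mac in leases:
        if lease_ip == ip and ts <= when:
            best = (ts, mac)
    if best is None or when - best[0] > max_lease:
        return None
    return best[1]


def parse_mac_table(text):
    """Map each port to the list of MACs learned on it."""
    ports = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0].isdigit():
            ports.setdefault(fields[3], []).append(normalize_mac(fields[1]))
    return ports


def locate(ip, when, dhcp_log=DHCP_LOG, mac_table=MAC_TABLE):
    """Resolve an IP seen at a given time to MAC, access port and room."""
    mac = mac_for_ip_at(parse_dhcp_log(dhcp_log), ip, when)
    if mac is None:
        return None
    for port, macs in parse_mac_table(mac_table).items():
        if mac in macs and port not in UPLINKS:
            return {
                "mac": mac,
                "port": port,
                "room": WIRING.get(port, "unmapped"),
                # Other devices on the same port: a roommate or a small hub.
                "shares_port_with": [m for m in macs if m != mac],
            }
    # MAC known from DHCP but not on an access port of this switch.
    return {"mac": mac, "port": None, "room": None, "shares_port_with": []}


if __name__ == "__main__":
    print(locate("10.20.4.17", datetime(2003, 2, 3, 2, 0)))
    print(locate("10.20.4.17", datetime(2003, 2, 3, 10, 0)))
```

The timestamp of the abuse report matters as much as the IP: the same address resolves to two different machines in the sample data, and both sit behind one port, which is the "spammer and his roommate" situation from the comment.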
I was compromised at one point in time my freshman year and had a smurf attack originate from my machine. They were able to track it down in under 2 hours to my specific port. They shut me down immediately. I had to contact the head of IT directly for reinstatement.
Although it was pretty obvious who was using the most bandwidth even w/a tool like iptraf.
Or, if you were a sys-admin at the overly-anal college I go to, you would require the MAC address at signup time, which would then be tied to an individual port in an individual room. Using an unregistered MAC would cause the port to immediately deactivate. So once you have the MAC, you wouldn't just have the room - you'd have the individual student and could immediately deactivate just their port.
This is quite annoying to students who find out the "MAC tied to port" bit by accidentally misplugging their computers into the wrong side-by-side ports after rearranging their desks. Fortunately, it was a triple, and my desk stayed where it was. Heheh.
Actually, I was a student at Tufts at the time they implemented the student network. At the time, ACS (Academic Computing Services) did require students to register MAC addresses, and I think I recall them assigning static IPs via DHCP or BOOTP (This was back in 95, DHCP was not very popular yet). You could let the network take care of everything for you, or you could enter it manually if you knew what you were doing...
I really don't remember if they used managed hubs/switches, but I recall it was a fairly trivial exercise to figure out where people were in a dorm by counting the IPs assigned (they had some pattern).
-Jack Ash (Miguel if anyone else from Tufts is reading)
Here [cmu.edu] MAC addresses must be entered as part of registering a computer for access to the network - each registration consists of a user's login/pass, their location on the network, the computer's name, and the MAC address. Makes things fairly straightforward when they need to track something down, or assign blame or whatnot.
The University of Minnesota also does this; you have to register MAC addresses under your X.500 account, and you're given up to 6. (That's just about all I need... NICs in three computers, LAN connection on my Linksys, and 802.11b card in my laptop.)
The DHCP servers only give out IPs to MAC addresses that are registered thus. Also, you have to authenticate with your X.500 account to get an IP from the campus wireless service. This seems so obvious to me I'm surprised more people don't do it ^^;
(Also, for those who read the article, the guy from UofM that says that "we don't allow clients to act as servers"... this basically means they block port 80 incoming traffic. Nothing more. Although the service agreement for res hall networking does say that you're not allowed to serve stuff.)
Unless you're just stringing together some LinkSys hubs, most management software has this ability.
I can go to a console, type an IP or MAC and be shown exactly what switch and port on campus that is coming from. Pull up the map for that switch and see where that port physically terminates.
Had someone with a rogue DHCP server years ago causing trouble. Right after the class let out, we were able to go into the room and descend upon him. Pretty much freaked him out. Turns out he downloaded something that he didn't know what all it did (was kinda a windows based router for a home network).
$80? What school are you at? My textbooks start at $100, unless it's a course that requires more than one textbook when they're usually a little cheaper, but still gouging.
Unfortunately, this is the sort of thing that makes sysadmins block all outbound SMTP from anything that isn't registered as a mail server, or at a minimum redirect all such access to their mail server.
Gripe about it all you want, but had the uni been forcing all outbound SMTP traffic through their mail server, they would have seen this a great deal sooner.
As for a fitting punishment - if these students live in the dorm, they probably eat at the dorm cafeteria. Tell the cafeteria to only serve them SPAM.
Man, I hope my ISP doesn't do that. We run our own mailserver because theirs is limited to a single account (extra accounts are $$$ a month and two of us use the connection). Worse, their mailserver goes down ALL the time, which makes it extremely annoying to stay on mailing lists as most lists will autokick you if your mail bounces. Plus they have no spam blocking like we do on our mail server. If only they weren't a local monopoly...
Result: not a single open relay problem anymore and it doesn't inconvenience any (legit) users either.
My evil college [rit.edu] blocks incoming port 25 on the entire residential network. No exceptions. I cannot run my own mail server. They do provide me with an email address, but do not offer SSL on IMAP or POP. Yeah. Let's send my password that can be used to change my registration and financial info in cleartext over the network of a college with lots of students who know enough to take advantage of it.
Look, in college I sold my fucking *blood* for a few dollars. Why should it be surprising that students would sell bandwidth?
IMO, colleges should get out of the general IT business altogether and contract these services out. They already contract out other things, like food service, landscaping, maintenance, etc. Some departments (CS, etc) obviously may need their own networks, but otherwise it's just a hugely wasteful money pit. Hell, at my university, they spent so much money on useless IT projects that it just boggled the mind -- a lot of the trouble was that they employed fresh grads who would pick up a couple years' experience then skate, so there wasn't enough adult supervision...
Anyhow, back on track: Colleges should concentrate on education and offload these other problems to professionals.
Colleges do a lot of experimental things because of the large variety of departments with their unique needs. I do not think they should contract out anything, contractors are expensive. Talk about a money pit!
I personally think a university's money would be better spent with a dedicated staff that knows what a university needs and use student labor when they can. It works well. If your university IT department was run poorly, well, that could (and does) happen in any kind of environment, not just academia and won't get fixed by hiring contractors.
I don't think he's arguing for hiring a bunch of contractors, but rather for outsourcing the function entirely. A number of the big banks have done this, for example. JP Morgan just signed a multi-billion dollar deal with IBM to have IBM run _all_ their IT functions, from server admin to networking to helpdesk. Most of the JPM IT folks will become IBM employees, some will go. JPM just decided that they're a bank, not a computer company, and they'd rather leave these things to a computer company.
When I was a student at Vanderbilt University [vanderbilt.edu] back in 1995-1996, we had a student-run IT department. It was a very novel thing back then, dreamed up by a former student who worked for the school. What they did was give responsibility for some services (Web, mail, FTP, and some development) to student-run teams. These teams implemented these services on Solaris and Linux hosts and were responsible for their maintenance. I believe we were paid as work study employees but the wages were much better than what you could earn elsewhere on campus. I think I made around $9-10/hour.
What was really amazing is how they found around 12 *nix-savvy students in 1996 at a school mostly known for its liberal arts and pre-med curriculum. Somehow, they did. It spread by word-of-mouth and we all just drifted in. It was the ultimate student job.
Look, in college I sold my fucking *blood* for a few dollars. Why should it be surprising that students would sell bandwidth?
The difference, of course, is that you actually owned your blood in college. These students are selling something that they're permitted to use in the hopes that it will make them better and more successful students. It's a vulgar abuse of access, and don't gimme that "I pay X*10^y dollars a year to go to school here" crap. If those kids had to pay for the actual bandwidth they consume they'd be paying a fair chunk of that without all those education value-adds.
What I don't understand is why colleges don't make use policies part of housing contracts (most consider and bill bandwidth as a utility like electricity). Do something stupid or commit some vulgar abuse like this and you're out fending for yourself off-campus. Pay your own damn cable bill...
Colleges should concentrate on education and offload these other problems to professionals
I say 'No', and for two reasons. The first being that colleges already offload enough services to paid contractors....food, books, lawncare, building upkeep, etc. Anytime you involve a contractor, you raise the amount it costs which is passed on to taxpayers if it's a public university, or the students if it isn't. Unnecessary charges.
Second, I dated a girl at Tufts and know they have a decent sized CS/CpE program. Something like this is perfect to give jobs to students at the campus to a) give them a job, b) give them some experience. I won't even go into 'connecting them with their fellow students', that's a crap reason, but a & b are good enough on their own. There's no reason to hire expensive sysadmins when students are HAPPY to work on things like this and they're cheap. At Virginia Tech, we had a couple (remember...Tech is mucho larger than Tufts) chief sysadmins in charge of different colleges and areas, but the rest was student run. Very convenient, the students are many times smarter than the sysadmins.
IMO, colleges should get out of the general IT business altogether and contract these services out. They already contract out other things, like food service, landscaping, maintenance, etc
That would be wonderful. Then they could have the network equivalent of the crappy food they serve at the cafeteria. Aaargh.
Also, you mention that the problem is that they only employ recent grads. That's true - but often these kids work at a "hometown discount" while they wait for their gf to graduate or whatever. The college could never afford people as good as their own grads, generally, if they had to pay them what they were worth. If they have to outsource, the cost will skyrocket - or the service will tank. Admittedly, a few adults wouldn't hurt, but the kids usually do a pretty good job. Hell, at our school the permanent hires were paid so little only the braindead took the job. You prayed you got an ex-student to solve your problem if you had one.
You do realize that a lot of university networks have been around longer than most ISPs? Universities are where a lot of the early internet research happened. Also, I'd say it is more cost effective to manage the network in-house for a few reasons:
Those networks are so big they require full time support anyway. Might as well do your own hiring. It's no different than a huge corporation having its own huge IT division.
Also, students studying IT are great for cheap labor to handle networking grunt work (first tier tech support, go patch this port to that, etc.). The school's IT degree program (if it has one) and a real-world network are mutually beneficial to each other.
$20 a month was serious money. That's one week of clean laundry and GOOD pizza on Sunday night (and not the cheap stuff). Back then, $20 a month would have bought a lot of personal ethics. Can't say as I blame them.
Let's see, a kid sets up a computer to steal on the college network. If the student hacked into the dean's computer to get porn, it would be all over the news, the kid would be arrested.
The kid should be charged the same as the person who put the distributed decryption software, that was all over the news, and expelled.
It sure doesn't take much to compromise a person's self-respect or integrity. $20/month in exchange for contributing to a problem that everyone hates, and knowing full well that everyone hates it? They sold out cheap.
It's sort of like the trend for journalist majors to wind up in PR jobs for corporations doing nasty things. The lure of extra money covers over any hesitation they might have in moving from a supposedly neutral position to one that shills for money.
But $20/month? Man, that's some cheap principles. How about we pay them $21/month to turn against the spammers?
---------
"Let me guess, you were the arsehole who had the Porsche parked in the school lot."
Bzzzt! Wrong, try again.
"Did you see the old beat up Ford Escort with a different color fender, no muffler, and a broken windshield?"
Ding! Ding! Ding! We've got a winner! That would have been me.
"The guy that owned the Escort (and I know him well) would have sold his self-respect for a tuna-freakin-fish sandwich. That guy had LESS than $20/mo for food, toiletries, and beer. You wouldn't survive a week in that guy's shoes. $20/mo means another case of mac-n-cheese."
No excuse. You find other ways of making money rather than blatantly leeching off society and contributing to a problem that is despised. If you sell out for a price, regardless of circumstances, it means you sold out. Some people hold their integrity in high esteem and will find some other way to make the necessary money.
-------
If you sell out for a price, regardless of circumstances, it means you sold out.
H.L. Mencken was at a high society function and speaking with one of the grande dames of society. After some initial witty small talk, he asked her "Madame, would you sleep with me for a million dollars?"
Much laughter later, she agreed.
"Madame, would you sleep with me for one dollar?"
The dame was grievously offended and asked Mencken what she thought she was--some whore?
"Madame, we've already established that you're a whore," he replied. "Now we're just dickering about your price."
Let me guess, you were the arsehole who had the Porsche parked in the school lot. Did you see the old beat up Ford Escort with a different color fender, no muffler, and a broken windshield? The guy that owned the Escort (and I know him well) would have sold his self-respect for a tuna-freakin-fish sandwich. That guy had LESS than $20/mo for food, toiletries, and beer. You wouldn't survive a week in that guy's shoes. $20/mo means another case of mac-n-cheese.
Well, gee, that excuses everything! I see the light now! After that guy broke into my friend's apartment last year and stole all his electronics, I should've excused him too because he was jobless and living in government housing! After all, I "wouldn't have survived a week in that guy's shoes," now would I?
You know what I did in college when I needed money? I got a freaking job; that's what I did. I spent my days sitting at a desk in a computer lab checking student IDs for $5/hour. I didn't throw in with parasites to get by.
Those students did sell themselves cheap. They could've gotten a real job, but instead they decided to let the bottom-feeders of the Internet take advantage of university resources so that they could get a small token sum of money without having to do a damn thing. They whored themselves out probably because they were too damn lazy to actually try to hold down a part time job while in school. As someone who worked for my food, I have absolutely no sympathy for them. They should be kicked out of housing and maybe even expelled for abusing the university network at the expense of others.
has always been a popular fad. Remember those programs you could install and you would get a 10th of a penny for every website you clicked and it had a banner-system (I believe)? Everyone thought they would make hundreds of dollars a month with that. I wish I could remember the name. People love getting money for doing their normal tasks, i.e. using the computer. If relaying spam could be done with little or no active participation by a computer user, who [average computer user] wouldn't turn down 20 bucks?
What does it matter that Tufts is 151 years old? Would this be different if it were 310-year-old College of William and Mary in Virginia or 210-year-old Williams College in Williamstown, MA?
Dear Mr. Spammer, I wouldn't mind to relay your spam at all! In fact, I would do it with a full satisfaction of doing a valuable service to the community! Please, pretty please, pick (and pay) me to be your relay!
WBR / lastberserker
. . .
[...of course I won't detail on _where_ I would relay your spam, but what's the matter - no one would miss it anyways...]
I have been getting spam addressed to [my_unix_username]@[my_machinename].cs.man.ac.uk My machine passes the mail to me but I have no idea how the people got this address. The only way I can think of is if someone used finger @ on the machines in the department and then stuck the username with the machinename. As far as I am aware the finger@ is blocked to people outside the department so I am starting to suspect that some students are behind this. Especially as the spam is for local companies.
Same happened to me, my.cs.man.ac.uk started receiving spam during last semester. Struck me as very strange because my uni address doesn't get used anywhere (well, nowhere that I don't trust).
The irony of receiving "Get your diploma now..." spam on my university mail account...
"I have been getting spam addressed to [my_unix_username]@[my_machinename].cs.man.ac.uk"
Do you have ident running? Could a website you connected to have used ident to get your username and then prepended it to the reverse lookup of your IP?
Should just kill those kids' connections, or charge them $50 a month for the "privilege" of being a spammer--then this whole problem goes away. Mind you, the network and its resources are the University's, and not the students'.
... how students at the 151-year-old Tufts University were paid as little as $20/month to relay spam from computers in their dorms.
Until I read the article I was under the impression it was an article complaining that the students were not getting a fair enough price for spamming;^)
I didn't understand the article at all. Then I saw the helpful graphic at the bottom of the article. It clearly showed just how the process worked! Without that picture, I would have been in the dark.
I was thinking the same thing. That diagram does nothing but rehash a condensed version of the article with cute figures. It does nothing to enhance one's understanding of the subject matter (which isn't really that difficult to grasp anyways).
The article mentions that they can't track the original spammers, that all the further that they can get is to the students computers. If they really want to track the spammers can't they track the money?
Which makes me wonder, how do the students get paid? Remaining anonymous is critical to spammers being able to continue doing their thing. How does a spammer actually pay someone w/out being trackable? I can't imagine that they send cash.
Well, these students must be pretty dumb anyway to do this for a measly $20 with the risk of being banned permanently from the uni network (or even the uni itself) so maybe the spammers ask for bank details (get them because of the amazing credulity of Simon Student), deposit $20 and then sell those details on to some people in Nigeria who always seem to be desperate for somewhere to deposit $20,000,000:) Ahem.
"The students involved in this found the opportunity themselves - they were not contacted by the company directly," says Tolman, who adds that the software likely was downloaded via FTP or some other file-sharing protocol.
Oh great, just wait until someone from one of the entertainment cartels reads that. Coming soon from a congresscritter near you: HR 34235, The Federal Ban of the File Transfer Protocol Act of 2003.
Doesn't the IT Department at any college, university etc enforce their AUP? Doh! They don't have an AUP.....
Seriously, I would imagine that surely the IT Department has an AUP that would prevent this behavior along with appropriate actions for dealing with violators?
I mean, students could agree to use MS products in exchange of money...
Err, wait...
You mean they pay to use the products ? Or they copy & use them for free ?
Darn, where are we going today....
Free MS bashing, but well, sometimes you just need to have a good laugh ^_-
Confiscate their equipment, kick them all out of school, and prohibit them from entering a publicly funded school anywhere in the State. Whatever the punishment for rape is, give that +10% to them. Then let Cartman kick them in the nuts.
The interesting thing is that the spammers are now paying people to put out their spam. Now each outgoing spam costs something above the overhead costs. Sure, it's something really tiny ($20/??) but it's not zero. I wonder what the price point is that spammers are willing to pay? Would schemes that would charge spammers for their spam really be a deterrent? How much would you have to charge?
I'm a current student at Tufts, and I'm not that surprised that there is some abuse of the system. The University is overall pretty laid back about student computing. The only things the sysadmins monitor for is virii that may cause systemwide problems (they send a person to your room with virus software if one's detected) and excessive bandwidth usage (over a gig per day for more than 3 days in month.)
While it is troubling to know that some of my fellow students abused the policy, it really isn't that hard. Though it pisses me off a little that they used University bandwidth for their little endeavor, the school has plenty, due to massive infrastructure installation in the late nineties. It hadn't caused any issues for the school (nobody I know has complained about a slowdown) so it's my opinion that the fact it's a university isn't a big deal. The kids are entrepreneurs, even if it's in a business I despise, taking advantage of the resources they've paid for. The real question is whether the school will add a clause to the acceptable use policy and start to monitor for spammers. Wouldn't be surprising.
The kids are entrepreneurs, even if it's in a business I despise, taking advantage of the resources they've paid for.
Are we supposed to believe that university network resources are completely supported by tuition? I would venture (though in typical Slashdot fashion I have no numbers) that there's a certain amount of taxpayer money involved. Furthermore, it's very common for end-user bandwidth agreements to include a clause prohibiting the resale of any portion of a connection.
Everyone has said how 20 bucks isn't anything, but it's pure profit! I'm assuming these kids don't have to click 'Send' 1.6 million times, and they don't pay for bandwidth.
Another shining example of the 'me first' attitude that permeates society. (Especially in the US) -
Crap! It's free money, with no responsibility attached, and poor college students would stand in line at the finger-smelling factory if they didn't have to work.
The university I work for has found itself on various spam blacklists each September for the past 3 years. The reason has been the same each time: underclassmen in the dorms installing old RH distros or whatever that includes an open mail relay.
This spring SMTP will be restricted to only approved departmental servers. Anyone else gets dropped at the firewall. It's a shame (academic freedom and all that) but really necessary.
Where I am at now, they have a very strict rule on that. If you spam, or are caught spamming, or are caught passing on chain mail letters, or a whole list of rules. They'll punish you in one of three ways (likely)
Slap on the wrist. Basically translates into loss of marks for CS majors, or banishment from facilities for a short period, or a whole list of things.
Banishment from computing facilities on campus. Thus, if you are a CS major or basically any major that requires computer systems use. You pretty much just failed yourself out of university.
Expulsion. This has happened with a few people who were really abusing the system and even had warnings.
Personally, I think if anyone even considers sending a spam on the network to bypass the filters, that they should be expelled immediately, or at very least banished from the facilities permanently. It is a privilege, not a right to use those facilities. If you abuse them, you should lose that privilege.
What I do not understand is why don't they just block all incoming traffic to the dorms and labs? Why is it that they allow for this traffic to even make it to the PC in the first place?
Frank Grewe, manager of Internet services for the University of Minnesota in Minneapolis-St. Paul, also wasn't surprised. He says the university does not let client machines be used as servers, employs static IP addresses and tracks the amount of traffic going to and from those addresses.
Why track... just do not allow it in the first place and it will be a whole lot easier. I just do not see a reason in allowing inbound traffic to a static IP address on a campus unless it is a server owned (no pun intended) and operated by the staff. When you allow anyone and everyone to do as they please, all hell will break loose.
I can see the point of some PCs and not others, but it should always be a special case when a PC needs access to it from the outside. This is how most corporate companies run their network. I just do not understand why in most cases all I have to do is 'host -l -t any uni-net.edu' and get a list of hosts to look at and forward my spam on from.
As for the out-sourcing of CS to someone else, I would have to disagree, because it is incidents like this that usually teach people. And when they go on to the corporate world, hopefully, they will remember that they need to lock their network down. It teaches fundamentals, and in this industry, unlike a lot of others and what a lot of corporate big-heads think, it is experience more than education that counts in the long run.
Because blocking incoming connections will not stop the problem. The spammers are using custom written relays to do this - there's nothing stopping them from writing the app so that it actually "phones home" to get its workload for the day and then sends the spam.
Blocking incoming connections is good for preventing unintentional use - like when most major MTA's came pre-configured to relay anything. That's not the case now so the use from a standpoint of preventing intentional unauthorized use by internal users it's really not an effective measure.
A more effective method would be to prevent the workstations from actually sending any mail directly - instead forcing them thru a corporate/university managed relay that can do appropriate anti-spam measures, including throttling excessive senders. This is the tactic that many commercial ISP's are taking for the exact same reasons.
Jeez, what an awful road to go down. The very idea that you cannot be a participant in the internet, and provide your own services, is abhorrent. There should be no problem with a student having his own webserver, mail server (as long as it's not an open relay), finger server, or whatever. Solve problems with specific solutions, not these broad, sweeping, castrating ones.
The way of thinking that you suggest, that only "powers that be" may provide services, promotes consumerism, and prohibits the freedom of individuals.
Your suggestions are antithetical to the very principles that the net was built on, end-to-end.
I am willing in the utmost confidence and secret to help your with some certain relaying needs. My server does waits idle at my residence in an yet to be disclosed location, ready to relay your messages to the considerate masses. In exchange for your sum of $20 per month, my server will confidentiality flood the Internet with your excellent offerings.
I can personally and utmost attest to guarantee that you messages will pass through entire unaltered, and not be redirected to /dev/null, or replaced with the text "I AM RESPONSIBLE FOR X PERCENT OF ALL YOUR SPAM" and your home address & phone number. I would most certainly not monitor every spam you attempted to send at your discretion, and report each and every instance to the immediately authorities.
I trust you to and maintain the highest level of integrity & confidence in this matter.
--- Ham Nbu Jahir, Supreme Commander of Nigerian National Space Fleet
did a little WHOIS digging...... the most important part (CIDR:130.64.0.0/16) just made my firewall blacklist : )
Did you read the article? The University's network admins have the problem under control. Students are being disciplined, PCs are taken off the network when they are found. Tufts runs a responsible and responsive abuse desk. By punishing an organization that has acted properly, you are undermining real anti-spam efforts.
Well, let's see. I just opened my mailbox for an account where I have the email address on a webpage (out of necessity, because I'm trying to conduct business.) There are 72 messages there, and it looks like only 1 is legit.
Here are the first 10 messages (spelling errors are as written):
Would you like to lose weight while you sleep?
Copy Rented DVDs
Extreme Colon Cleanser
Saw your profile on ICQ
Turn back your bodies bilogical clock
Your new credit card app
Increase the thickness of it
Dirty Vixens and Sex Kittens
FREE Bottle of Wine
improve sense of wellbeing rgn452
FREE FOR YOU _ THANKS
The problem is only one of the 70+ messages in my box is legit. This means that I sometimes miss real email messages, and it disrupts my wholesome business (selling 3D cam technology to porn sites.)
For these guys?
1) Open yourself up as a spam relay
2)...
3) Lose network access!
Face it, people, $20/month will get you a shitload of ramen, but is it worth $20/mo to lose your gigabit network access?
Yeah, but don't forget that according to the article this guy sold his Uni access for $20/month - that doesn't add up very many pizzas or beers.
My guess is that guy should have sold his connection for more like $200 - $500 per month, or based on the # of mails or something. $20/month is laughable, considering that he now most likely has been forbidden to connect to the University's network with his personal machine and may have some sort of procedural punishment on his University records.
Dangerous (Score:5, Funny)
What's next? (Score:4, Funny)
Peanuts (Score:5, Funny)
Re:Dangerous (Score:3, Funny)
Maybe we should re-introduce paddling.
Crappy Student Jobs (Score:5, Funny)
Re:Crappy Student Jobs (Score:5, Insightful)
Re:Crappy Student Jobs (Score:3, Funny)
And I thought my job working for Vector Marketing, selling Cutco knives was unethical (network marketing... ugh)
Flashbacks (Score:5, Funny)
Must... sell... knives...
The whole experience still makes me shudder.
Re:Flashbacks (Score:3, Informative)
Though one could make a little money on it, it still smacked of a scam. What salesperson in their right mind would pay $500 to get started to sell anything door to door AND have to generate your OWN LEADS!!!
utterly ridiculous.
Re:Flashbacks (Score:4, Interesting)
However, I didn't have to spend any more than $150 to get started (I must have had a benevolent leader).
It didn't take me long to quit. I still don't care for their marketing practices. However, the products are great (more than I can say about Amway's product line). I still have mine 12 years since I got them. They're still as sharp and shiny as ever. I even have an inherited set that's over 20 years old. They're in great shape also.
I'm going to risk sounding like a hypocrite. I say if you never bought Cutco knives, and someone approaches you to buy them, give them a try. Money worth spending. However, don't jump at the first offer. Make it a hard sell for them and get the maximum discount you can. Even offer a single amount, take it or leave it, just slightly below their final offer. You'll get a good set of knives, but at the same time you'll effectively discourage the wayward soul from continuing on that dastardly path. You'd be doing them a favor. There's plenty of youth around for Vector Marketing to continue the practice, just don't allow someone get stuck in it.
Re:Flashbacks (Score:3, Interesting)
They are great knives and I have no complaints what so ever about their quality. If I had the money, I might even buy some myself.
But their tactics, not only for marketing, but especially recruiting is what p1ssed me off to no end. As a teen looking for a job, I called an ad for $15 an hour. They would not tell me what the job was. Perhaps this is a necessary tactic on their part as I NEVER would have bothered to waste my day to go to their seminar.
I likely would buy a couple of knives, but only when one of my friends or relatives corners me into buying them or risk bad feelings between us. Frankly, there are other high-end-ish knives out there that don't rely upon sales and lead generation by guilt.
:P
Re:Flashbacks (Score:3)
I still have my knives, and they still work great decades later (man I'm old).
Re:Flashbacks (Score:3, Funny)
A friend in college asked me if I'd heard of the world's best knives. I told him no, but I owned the world's cheapest knives, so if they ever broke or went dull, it would cost me nothing to replace them.
You know you are old when.... (Score:5, Funny)
You know you are old when:
You had to work a real job to get money in college
People refer to the "good old days" and in your mind it was yesterday
There was no World Wide Web when you were in college (unless you count FTP, BBSs, and Gopher sites)
Your final paper in Computer Hardware Design was on the Pentium processor, and you could only find three sources because it wasn't due to be released for another 6 months.
You post on Slashdot recounting how old you are, hoping someone will think you are cool
Re:Crappy Student Jobs (Score:3, Interesting)
I think they banned anyone living in the UK from 1980 onward from donating blood
Link Here [bbc.co.uk]
and some HTML http://news.bbc.co.uk/1/hi/health/423344.stm
I can think of better uses for them (Score:5, Funny)
Re:I can think of better uses for them (Score:5, Funny)
Business Plan (Score:3, Funny)
2. Set up webcam to watch Anti-Spammers carve up Tufts students.
3. ???
4. Cleanup.
Hey, they have bandwidth... (Score:2, Insightful)
20 Bucks? (Score:2, Funny)
Re:20 Bucks? (Score:5, Interesting)
Realistically though, profit depends on volume. Some few people probably masterminded the idea, and are taking part-profits somehow. If they skimmed $5 from 20 students with relays - that's $100/month. Still not a lot, but cheap for no work.
Where the heck do you live... (Score:2)
Re:20 Bucks? (Score:5, Funny)
20 boxes? (Score:4, Informative)
Tracked using MAC address (Score:5, Interesting)
Interesting that they tracked the individuals down using MAC addresses for computers in their dorms...
I've never heard of any other Uni having the foresight to record this and it seems like a valid piece of info to have to include in any registration document (as per cable modem setup)
Re:Tracked using MAC address (Score:3, Insightful)
Re:Tracked using MAC address (Score:5, Informative)
If you wanted to register another computer you would either have to use someone else's student ID + login/passwd or call up the people for help.
A side note, they were less than familiar about doing it w/alternative OSs that did not automatically bring up the registration page. You either had to use Windows to do it or have them do it manually. I used Windows
Re:Tracked using MAC address (Score:2)
Re:Tracked using MAC address (Score:5, Funny)
A more subtle way is that the college you attend in Cambridge has already implemented this. The only problem with this approach is that all the alumni from Cambridge University think you're trying to associate yourself with their older and more established college.
Re:Tracked using MAC address (Score:3, Interesting)
Re:Tracked using MAC address (Score:5, Informative)
(Why yes, I did used to be a sysadmin at a college with a bandwidth hogs problem.)
Re:Tracked using MAC address (Score:5, Interesting)
Although it was pretty obvious who was using the most bandwidth even w/a tool like iptraf.
Re:Tracked using MAC address (Score:3, Funny)
I pray that these were not separate occasions.
Re:Tracked using MAC address (Score:2, Interesting)
This is quite annoying to students who find out the "MAC tied to port" bit by accidentally misplugging their computers into the wrong side-by-side ports after rearranging their desks. Fortunately, it was a triple, and my desk stayed where it was. Heheh.
Re:Tracked using MAC address (Score:4, Informative)
I really don't remember if they used managed hubs/switches, but I recall it was a fairly trivial exercise to figure out where people were in a dorm by counting the IPs assigned (they had some pattern).
-Jack Ash
(Miguel if anyone else from Tufts is reading)
Re:Tracked using MAC address (Score:2)
Well (Score:2)
The DHCP servers only give out IPs to MAC addresses that are registered thus. Also, you have to authenticate with your X.500 account to get an IP from the campus wireless service. This seems so obvious to me I'm surprised more people don't do it ^^;
(Also, for those who read the article, the guy from UofM that says that "we don't allow clients to act as servers"
Re:Tracked using MAC address (Score:2)
I can go to a console, type an IP or MAC and be shown exactly what switch and port on campus that is coming from. Pull up the map for that switch and see where that port physically terminates.
Had someone with a rogue DHCP server years ago causing trouble. Right after the class let out, we were able to go into the room and descend upon him. Pretty much freaked him out. Turns out he downloaded something that he didn't know what all it did (was kinda a windows based router for a home network).
plight (Score:5, Interesting)
Re:plight (Score:2)
Restricting SMTP (Score:5, Insightful)
Gripe about it all you want, but had the uni been forcing all outbound SMTP traffic through their mail server, they would have seen this a great deal sooner.
As for a fitting punishment - if these students live in the dorm, they probably eat at the dorm cafeteria. Tell the cafeteria to only serve them SPAM.
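The egress restriction and relay throttling discussed in the SMTP comments of this thread (mail only through a managed relay, excessive senders throttled), as an added Python example that is not part of any post. The networks, relay address, hourly limit and flow-log format are constructed assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Constructed values for illustration; none of them come from the thread.
DORM_NET = ip_network("10.20.0.0/16")        # residential network
APPROVED_RELAYS = {ip_address("10.0.0.25")}  # university-managed mail relay
SMTP_PORT = 25
MAX_PER_HOUR = 3                             # tiny limit so the sample trips it

# Constructed flow log: epoch_seconds src_ip dst_ip dst_port
SAMPLE_FLOWS = """
# epoch src dst dport
1000 10.20.1.7 10.0.0.25 25
1010 10.20.3.9 192.0.2.10 25
1020 10.20.3.9 198.51.100.4 25
1030 10.20.3.9 203.0.113.77 25
1040 10.20.1.7 192.0.2.10 443
1050 10.30.0.5 192.0.2.10 25
"""


def egress_decision(src, dst, dport):
    """Firewall policy: dorm hosts may speak SMTP only to the managed relay.

    This is an outbound rule, so it also covers software that "phones home"
    for its workload and never accepts an inbound connection.
    """
    src, dst = ip_address(src), ip_address(dst)
    if dport != SMTP_PORT or src not in DORM_NET:
        return "allow"
    return "allow" if dst in APPROVED_RELAYS else "drop"


def direct_senders(flow_lines):
    """Return {dorm_ip: set(destinations)} for SMTP flows that bypass the relay.

    These are the flows the egress rule drops; the per-host destination count
    is what an abuse desk would review first.
    """
    hits = defaultdict(set)
    for line in flow_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _ts, src, dst, dport = line.split()
        if egress_decision(src, dst, int(dport)) == "drop":
            hits[src].add(dst)
    return dict(hits)


class RelayThrottle:
    """Sliding one-hour window per sender, applied on the managed relay."""

    def __init__(self, limit=MAX_PER_HOUR, window=3600):
        self.limit = limit
        self.window = window
        self.seen = defaultdict(deque)  # sender -> timestamps of accepted mail

    def accept(self, sender, ts):
        """Return True if the message is within budget, False to defer it."""
        q = self.seen[sender]
        # Forget messages that have aged out of the window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


if __name__ == "__main__":
    for host, dests in direct_senders(SAMPLE_FLOWS.splitlines()).items():
        print(f"{host} attempted direct SMTP to {len(dests)} hosts: {sorted(dests)}")

    throttle = RelayThrottle()
    for ts in (0, 10, 20, 30, 3600):
        verdict = "accept" if throttle.accept("10.20.1.7", ts) else "defer"
        print(f"t={ts:>4} relay verdict for 10.20.1.7: {verdict}")
```
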
Re:Restricting SMTP (Score:2)
Re:Restricting SMTP (Score:3, Insightful)
They don't want to make the Internet a better place. They just want to get as much money as possible.
This is why we have a spam problem.
Re:Restricting SMTP (Score:3, Insightful)
My evil college [rit.edu] blocks incoming port 25 on the entire residential network. No exceptions. I cannot run my own mail server. They do provide me with an email address, but do not offer SSL on IMAP or POP. Yeah. Let's send my password that can be used to change my registration and financial info in cleartext over the network of a college with lots of students who know enough to take advantage of it.
Shocking, I say. (Score:3, Insightful)
IMO, colleges should get out of the general IT business altogether and contract these services out. They already contract out other things, like food service, landscaping, maintenance, etc. Some departments (CS, etc) obviously may need their own networks, but otherwise it's just a hugely wasteful money pit. Hell, at my university, they spent so much money on useless IT projects that it just boggled the mind -- a lot of the trouble was that they employed fresh grads who would pick up a couple years' experience then skate, so there wasn't enough adult supervision...
Anyhow, back on track: Colleges should concentrate on education and offload these other problems to professionals.
Re:Shocking, I say. (Score:5, Informative)
Colleges do a lot of experimental things because of the large variety of departments with their unique needs. I do not think they should contract out anything, contractors are expensive. Talk about a money pit!
I personally think a university's money would be better spent with a dedicated staff that knows what a university needs and use student labor when they can. It works well. If your university IT department was run poorly, well, that could (and does) happen in any kind of environment, not just academia and won't get fixed by hiring contractors.
siri
Re:Shocking, I say. (Score:2)
Re:Shocking, I say. (Score:5, Interesting)
Interesting idea.
When I was a student at Vanderbilt University [vanderbilt.edu] back in 1995-1996, we had a student-run IT department. It was a very novel thing back then, dreamed up by a former student who worked for the school. What they did was give responsibility for some services (Web, mail, FTP, and some development) to student-run teams. These teams implemented these services on Solaris and Linux hosts and were responsible for their maintenance. I believe we were paid as work study employees but the wages were much better than what you could earn elsewhere on campus. I think I made around $9-10/hour.
What was really amazing is how they found around 12 *nix-savvy students in 1996 at a school mostly known for its liberal arts and pre-med curriculum. Somehow, they did. It spread by word-of-mouth and we all just drifted in. It was the ultimate student job.
Chris
Re:Shocking, I say. (Score:5, Insightful)
The difference, of course, is that you actually owned your blood in college. These students are selling something that they're permitted to use in the hopes that it will make them better and more successful students. It's a vulgar abuse of access, and don't gimme that "I pay X*10^y dollars a year to go to school here" crap. If those kids had to pay for the actual bandwidth they consume they'd be paying a fair chunk of that without all those education value-adds.
What I don't understand is why colleges don't make use policies part of housing contracts (most consider and bill bandwidth as a utility like electricity). Do something stupid or commit some vulgar abuse like this and you're out fending for yourself off-campus. Pay your own damn cable bill...
Re:Shocking, I say. (Score:2)
I say 'No', and for two reasons. The first being that colleges already offload enough services to paid contractors....food, books, lawncare, building upkeep, etc. Anytime you involve a contractor, you raise the amount it costs which is passed on to taxpayers if it's a public university, or the students if it isn't. Unnecessary charges.
Second, I dated a girl at Tufts and know they have a decent sized CS/CpE program. Something like this is perfect to give jobs to students at the campus to a) give them a job, b) give them some experience. I won't even go into 'connecting them with their fellow students', that's a crap reason, but a & b are good enough on their own. There's no reason to hire expensive sysadmins when students are HAPPY to work on things like this and they're cheap. At Virginia Tech, we had a couple (remember...Tech is mucho larger than Tufts) chief sysadmins in charge of different colleges and areas, but the rest was student run. Very convenient, the students are many times smarter than the sysadmins.
--trb
Christ I hope not (Score:5, Insightful)
That would be wonderful. Then they could have the network equivalent of the crappy food they serve at the cafeteria. Aaargh.
Also, you mention that the problem is that they only employ recent grads. That's true - but often these kids work at a "hometown discount" while they wait for their gf to graduate or whatever. The college could never afford people as good as their own grads, generally, if they had to pay them what they were worth. If they have to outsource, the cost will skyrocket - or the service will tank. Admittedly, a few adults wouldn't hurt, but the kids usually do a pretty good job. Hell, at our school the permanent hires were paid so little only the braindead took the job. You prayed you got an ex-student to solve your problem if you had one.
Re:Shocking, I say. (Score:3, Informative)
You do realize that a lot of university networks have been around longer than most ISPs? Universities are where a lot of the early internet research happened. Also, I'd say it is more cost effective to manage the network in-house for a few reasons:
Those networks are so big they require full time support anyway. Might as well do your own hiring. It's no different than a huge corporation having its own huge IT division. Also, students studying IT are great for cheap labor to handle networking grunt work (first tier tech support, go patch this port to that, etc.). The school's IT degree program (if it has one) and a real-world network are mutually beneficial to each other.
When I was in college... (Score:3, Insightful)
Computer Nerds Gone Wild (Score:5, Funny)
Except instead of making me want to spank myself, I want to spank them.
Can we say expulsion? (Score:4, Insightful)
The kid should be charged the same as the person who put the distributed decryption software, that was all over the news, and expelled.
They got bought cheap! (Score:5, Interesting)
It's sort of like the trend for journalist majors to wind up in PR jobs for corporations doing nasty things. The lure of extra money covers over any hesitation they might have in moving from a supposedly neutral position to one that shills for money.
But $20/month? Man, that's some cheap principles. How about we pay them $21/month to turn against the spammers?
---------
Re:They got bought cheap! (Score:4, Insightful)
Bzzzt! Wrong, try again.
"Did you see the old beat up Ford Escort with a different color fender, no muffler, and a broken windshield?"
Ding! Ding! Ding! We've got a winner! That would have been me.
"The guy that owned the Escort (and I know him well) would have sold his self-respect for a tuna-freakin-fish sandwich. That guy had LESS than $20/mo for food, toiletries, and beer. You wouldn't survive a week in that guy's shoes. $20/mo means another case of mac-n-cheese."
No excuse. You find other ways of making money rather than blatantly leeching off society and contributing to a problem that is despised. If you sell out for a price, regardless of circumstances, it means you sold out. Some people hold their integrity in high esteem and will find some other way to make the necessary money.
-------
Re:They got bought cheap! (Score:5, Funny)
H.L. Mencken was at a high society function and speaking with one of the grande dames of society. After some initial witty small talk, he asked her "Madame, would you sleep with me for a million dollars?"
Much laughter later, she agreed.
"Madame, would you sleep with me for one dollar?"
The dame was grievously offended and asked Mencken what she thought she was--some whore?
"Madame, we've already established that you're a whore," he replied. "Now we're just dickering about your price."
Re:They got bought cheap! (Score:5, Insightful)
Well, gee, that excuses everything! I see the light now! After that guy broke into my friend's apartment last year and stole all his electronics, I should've excused him too because he was jobless and living in government housing! After all, I "wouldn't have survived a week in that guy's shoes," now would I?
You know what I did in college when I needed money? I got a freaking job; that's what I did. I spent my days sitting at a desk in a computer lab checking student IDs for $5/hour. I didn't throw in with parasites to get by.
Those students did sell themselves cheap. They could've gotten a real job, but instead they decided to let the bottom-feeders of the Internet take advantage of university resources so that they could get a small token sum of money without having to do a damn thing. They whored themselves out probably because they were too damn lazy to actually try to hold down a part time job while in school. As someone who worked for my food, I have absolutely no sympathy for them. They should be kicked out of housing and maybe even expelled for abusing the university network at the expense of others.
Money for using the computer (Score:4, Interesting)
What does it matter... (Score:5, Interesting)
--Mike
Oh, me, me, pick me! (Score:4, Funny)
spam at all! In fact, I would do it with a full
satisfaction of doing a valuable service to the
community! Please, pretty please, pick (and pay)
me to be your relay!
WBR / lastberserker
.
.
.
[...of course I won't detail on _where_ I would
relay your spam, but what's the matter - no one
would miss it anyways...]
Students selling information (Score:5, Interesting)
The only way I can think of is if someone used finger @ on the machines in the department and then stuck the username with the machinename.
As far as I am aware the finger@ is blocked to people outside the department so I am starting to suspect that some students are behind this.
Especially as the spam is for local companies.
Re:Students selling information (Score:2, Interesting)
The irony of receiving "Get your diploma now..." spam on my university mail account...
Re:Students selling information (Score:4, Insightful)
http://www.google.com/search?q=cb%40cs.man.ac.u
Moral: Put your email address ANYWHERE on the 'Net and you'll get spam.
Re:Students selling information (Score:3, Informative)
Do you have ident running? Could a website you connected to have used ident to get your username and then prepended it to the reverse lookup of your IP?
The university's MIS folks (Score:2)
You know it.. (Score:2, Funny)
!!! MAKE MONEY FAST !!!
Earn as much as $20.00 a month sending out unsolicited email!
...but they could be making $50/hour (Score:4, Funny)
"image problem" (Score:2)
The "image problem" will be when their domain/ip range become listed in the main RBLs.
Will be fun if is discovered who are the students that did that, then the "Revenge of the Nerds" movie will have a new version.
What? (Score:2)
Until I read the article I was under the impression it was an article complaining that the students were not getting a fair enough price for spamming ;^)
Thank Heavens for Diagrams! (Score:5, Funny)
Re:Thank Heavens for Diagrams! (Score:2)
Follow the money? (Score:5, Interesting)
Which makes me wonder, how do the students get paid? Remaining anonymous is critical to spammers being able to continue doing their thing. How does a spammer actually pay someone w/out being trackable? I can't imagine that they send cash.
Re:Follow the money? (Score:2, Funny)
Yikes (Score:2)
Oh great, just wait until someone from one of the entertainment cartels reads that. Coming soon from a congresscritter near you:
HR 34235, The Federal Ban of the File Transfer Protocol Act of 2003.
--K.
AUP? (Score:3, Insightful)
Seriously, I would imagine that surely the IT Department has an AUP that would prevent this behavior along with appropriate actions for dealing with violators?
It could be worse.... (Score:2)
Err, wait...
You mean they pay to use the products ? Or they copy & use them for free ?
Darn, where are we going today....
Free MS bashing, but well, sometimes you just need to have a good laugh ^_-
punishment (Score:2)
Spam is worth something (Score:3, Insightful)
The interesting thing is that the spammers are now paying people to put out their spam. Now each outgoing spam costs something above the overhead costs. Sure, it's something really tiny ($20/??) but it's not zero. I wonder what the price point is that spammers are willing to pay? Would schemes that would charge spammers for their spam really be a deterrent? How much would you have to charge?
The School is very liberal..this isn't surprising (Score:5, Informative)
Re:The School is very liberal..this isn't surprisi (Score:4, Insightful)
Re:The School is very liberal..this isn't surprisi (Score:3, Funny)
Yikes!
Wouldn't anti-virus software be a better solution?
Look! the 27th '20 Bucks?!? Outrageous!' Post (Score:3, Interesting)
I'm surprised it took 20 bucks.
Blacklists work (Score:4, Interesting)
At my University. (Score:3, Interesting)
Now... (Score:3, Funny)
Why [insert deity here] Why? (Score:5, Insightful)
Re:Why [insert deity here] Why? (Score:3, Informative)
Blocking incoming connections is good for preventing unintentional use - like when most major MTAs came pre-configured to relay anything. That's not the case now, so from the standpoint of preventing intentional unauthorized use by internal users it's really not an effective measure.
A more effective method would be to prevent the workstations from actually sending any mail directly - instead forcing them thru a corporate/university managed relay that can do appropriate anti-spam measures, including throttling excessive senders. This is the tactic that many commercial ISPs are taking for the exact same reasons.
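The managed-relay throttling described in the comment above, sketched as an added example that is not part of the original thread: a per-host sliding-window recipient budget replayed over a constructed submission log. The log format, the window, the limit and the 10.0.x.x addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600        # assumed policy window
MAX_RCPTS_PER_WINDOW = 100   # assumed per-host recipient budget

# Constructed relay log: "<epoch-seconds> <client-ip> <recipient-count>"
SAMPLE_LOG = """\
1000 10.0.5.17 3
1060 10.0.5.17 2
1100 10.0.9.40 50
1130 10.0.9.40 50
1160 10.0.9.40 50
1200 10.0.5.17 1
4800 10.0.9.40 40
"""

class SenderThrottle:
    """Sliding-window budget of accepted recipients per submitting host."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_RCPTS_PER_WINDOW):
        self.window = window
        self.limit = limit
        self.history = defaultdict(deque)  # ip -> (timestamp, rcpts) accepted
        self.used = defaultdict(int)       # ip -> recipients inside the window

    def check(self, ts, ip, rcpts):
        """Return True to accept the message, False to defer it."""
        q = self.history[ip]
        # Expire accepted messages that have aged out of the window.
        while q and q[0][0] <= ts - self.window:
            self.used[ip] -= q.popleft()[1]
        if self.used[ip] + rcpts > self.limit:
            return False  # deferred mail does not consume budget
        q.append((ts, rcpts))
        self.used[ip] += rcpts
        return True

def replay(log_text, throttle=None):
    """Run every log line through the throttle and record the verdicts."""
    throttle = throttle or SenderThrottle()
    decisions = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, rcpts = line.split()
        ok = throttle.check(int(ts), ip, int(rcpts))
        decisions.append((int(ts), ip, "accept" if ok else "defer"))
    return decisions

def deferred_hosts(decisions):
    """Hosts that hit the limit at least once: candidates for abuse-desk review."""
    return sorted({ip for _, ip, verdict in decisions if verdict == "defer"})
```

A relay doing this would answer a deferred submission with a temporary SMTP failure, so an ordinary user's mail is only delayed while a bulk sender shows up in the deferred list.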
Re:Why [insert deity here] Why? (Score:4, Insightful)
Jeez, what an awful road to go down. The very idea that you cannot be a participant in the internet, and provide your own services, is abhorrent. There should be no problem with a student having his own webserver, mail server (as long as it's not an open relay), finger server, or whatever. Solve problems with specific solutions, not these broad, sweeping, castrating ones.
The way of thinking that you suggest, that only "powers that be" may provide services, promotes consumerism, and prohibits the freedom of individuals.
Your suggestions are antithetical to the very principles that the net was built on, end-to-end.
Message to Spammers: (Score:4, Funny)
I am willing in the utmost confidence and secret to help your with some certain relaying needs. My server does waits idle at my residence in an yet to be disclosed location, ready to relay your messages to the considerate masses. In exchange for your sum of $20 per month, my server will confidentiality flood the Internet with your excellent offerings.
I can personally and utmost attest to guarantee that you messages will pass through entire unaltered, and not be redirected to
I trust you to and maintain the highest level of integrity & confidence in this matter.
--- Ham Nbu Jahir, Supreme Commander of Nigerian National Space Fleet
tufts ip address range (Score:3, Interesting)
the most important part (CIDR:130.64.0.0/16) just made my firewall blacklist : )
OrgName: Tufts University
OrgID: TUFTSU
Address: 169 Holland Street
City: Somerville
StateProv: MA
PostalCode: 02144
Country: US
NetRange: 130.64.0.0 - 130.64.255.255
CIDR: 130.64.0.0/16
NetName: TUFTS
NetHandle: NET-130-64-0-0-1
Parent: NET-130-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.TUFTS.EDU
NameServer: NS2.TUFTS.EDU
NameServer: NS1.HIGHWIRE.ORG
NameServer: NS2.HIGHWIRE.ORG
Comment:
RegDate: 1988-06-10
Updated: 1999-12-06
TechHandle: TN2-ORG-ARIN
TechName: Tufts University
TechPhone: +1-617-627-3144
TechEmail: noc@net.tufts.edu
Re:tufts ip address range (Score:4, Informative)
the most important part (CIDR:130.64.0.0/16) just made my firewall blacklist : )
Did you read the article? The University's network admins have the problem under control. Students are being disciplined, PCs are taken off the network when they are found. Tufts runs a responsible and responsive abuse desk. By punishing an organization that has acted properly, you are undermining real anti-spam efforts.
Simple solution (Score:3, Interesting)
Any use of the school's network for the purposes of aiding or supporting spam will result in immediate expulsion. No exceptions.
Simple, brutal, efficient. No more problem.
Congratulations! (Score:2)
Also, wouldn't it be funny if someone named a scripting language after Monty Python? That would look so good on your resumé...proficient in Monty.
Breathe in....breathe out...breathe in....breathe out.....Get the idea? You take over from there.
Re:There is one conclusion to be drawn from this. (Score:2)
Here are the first 10 messages (spelling errors are as written):
Re:Unrest is born. . . (Score:5, Funny)
Bucks urgently required. Please post formula.
Re:Unrest is born. . . (Score:3, Funny)
Re:Sick of spam? (Score:3, Funny)
And this same person is using the get out of debt spam mails to fix his visa card. Will the cycle never end?
Re:Hmm (Score:5, Insightful)
Yeah, but don't forget that according to the article this guy sold his Uni access for $20/month - that doesn't add up to very many pizzas or beers.
My guess is that guy should have sold his connection for more like $200 - $500 per month, or based on the # of mails or something. $20/month is laughable, considering that he now most likely has been forbidden to connect to the University's network with his personal machine and may have some sort of procedural punishment on his University records.