A heads up for the list's readers. We saw the response to complaints about Wingate's default settings from Wingate's authors several months ago. As a reminder, Wingate is a product to allow IP masquerading through a windows 95 platform. Unfortunately by default it binds to ALL network ports, including the WAN port. Wingate is being used extensively by IRC abusers and is starting to be used heavily by SMTP abusers (ie, Spammers) via the open Socks port on dialup modem connections. As far as I can see, from the point of view of abuse control, wingate is currently a disaster for anyone trying to track abusers. It doesn't log connects by default, so the only way the abusers can be traced is via the netstat command on the victim win95 machine - and most win95 users being relayed through don't have enough of a clue to be able to do this, let alone know that they're being used as pawns in attacks. IRC abuse via Wingates appears to be increasing exponentially as more and more abuse scripts appear which use them. Several seen recently will connect to 50 or more machines in order to effect denial of service attacks on IRC users and services. Presumably the same rapid increase will soon be seen in SMTP relaying attacks. AB
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:41:42 PDT