Why not a private news server?

David Cooley n5xmt at bellsouth.net
Mon Nov 29 17:49:37 GMT 1999 

At 11:10 AM 11/29/1999 -0600, you wrote:
>I wonder if you have a clear understanding of the technology (or if you 
>have stock
>in Onelist ;) ).


I do have a clear understanding.  I also have a nephew who used to be a 
hacker/spammer, now working for Symantec.


>How, first of all, how would a spammer find our private news server without a
>really knowing we are there (as we would NOT, I repeat NOT be on the 
>USENET), and
>second of all, how would he then post without a valid userid and password 
>(which
>could be setup as an e-mail address)?????  Spammers are lazy, and will not 
>go thru
>that much trouble to spam a small, specialized group such as ourselves.


They find out what IP addresses respond to pings, then run port scans on 
the addresses found.

They can then determine if that IP supports web, NNTP, SMTP etc.
If a news server is protected by a password, they have crack programs that 
throw usernames/passwords at the systems.  Systems also have backdoors put 
in by the software authors.  Spammers/hackers know these back doors and use 
them.
Spammers are not lazy, as they want to get their message to as many people 
as possible... Out of every hundred people, maybe 1 will be interested.  So 
they spam 100,000 and 1000 show interest.
They don't have to know the server by name.  As I stated before, I am on 
several private news servers (AN intel beta server for one) that require an 
individual username and password.  No one knows of the beta server except 
the people INTEL sends the invite to join to.  We get spammed there almost 
as much as the public newsgroups.


>A private news server would be invisible unless you know it's there, kinda 
>like
>having a web server on the net, but not advertising it's existence and not 
>being
>on the search engines.  No one can find you without directly typing your 
>address,
>then when they do, they need a username and password to view or post.

See above.  They scan a range of IP's and scan the ports on those that 
respond to find their victims.  They don't look for advertised or 
publicized sites.



>It's absolutely, at least as spam proof as Onelist, probably more.
>
>You must be misunderstanding a what a private news server is.  Like I 
>said, even
>the free NNTP server that comes with NT will accomplish what we need, and keep
>spammers out (UNIX is probably far superior).  I setup this very senario 
>on my own
>NT server in about 1 minute.


No I don't.  See above.



>The only interest I have is keeping the list and archives going in the 
>best way
>possible.


And that is what I am interested in as well, but 2 or 3 of the group want 
to badmouth public email servers for a *TEMPORARY* home.  If the interest 
is really to keep the list etc going, then *ANY* options should be considered.
One other factor is to have your info published on a private news server is 
going to take money as well unless someone runs one and is going to donate 
time/resources to the list.  I can't understand how you keep saying the 
news server uses "less bandwidth" than email...  If you send a message to 
100 people, or 100 people log in to access the message, uses the same 
bandwidth.
A problem that the news server approach will cause is when everyone get's 
off work and 4-500 people try to log in during the same time frame to one 
server.  With a mail list, those messages were sent out as they were 
received during the day/night and are picked up whenever the user logs in 
to their ISP, spreading the total load over the whole 24 hour period.  The 
news server will have to be a powerful enough machine that everyone on the 
list can log in simultaneously and still be able to function.  I'm having 
that problem right now with a webserver.
Our company sold one and stated it's limit was 200 concurrent users.  We 
are only at 50 concurrent users and the machine cannot keep up.  It's got 4 
Pentium III/600 MHZ CPU's, 2G ram and 100G hard drive space (All ultra Wide 
SCSI2).  Network connection is via OC-12 622MB/sec fiber.
The machine cannot handle 50, let alone the 200 that my company spec'd it 
out as.  The developers are grabbing log files, watching CPU load etc and 
have decided that the box is full now at 50 and the customer needs to buy 
another box or two to spread the load.


===========================================================
David Cooley N5XMT Internet: N5XMT at bellsouth.net
Packet: N5XMT at KQ4LO.#INT.NC.USA.NA T.A.P.R. Member #7068
We are Borg... Prepare to be assimilated!
===========================================================

More information about the Gmecm mailing list