Slashdot Mirror
DOS Attack Via US Postal Service
Phronesis writes "Bruce Schneier reports in Crypto-Gram about the slashdot-inspired Post-office DOS attack on SPAM-king Alan Ralsky. More interesting, Schneier writes, is a recent paper on Defending against an internet-based attack on the physical world, which generalizes this attack and discusses how it could be automated and how one might defend against it (you can't stop it, but you could make it harder to effect). From the abstract of the article: 'The attack is, to some degree,
a consequence of the availability of private information on the Web, and the increase in the amount of personal information that users must reveal to obtain Web services.'"
Wasn't the last DOS attack through postal service using anthrax?
http://ebgp.net/ccc/
It's like an executive summary of all the above links.
I could go to any bookstore's magazine section, get out the subscription cards (they aren't even physically bound to the magazine), send them off to the publishers, and check "Bill me later."
There is absolutely no way for a person to prevent against this right now.
The analog solution from the electronic world would be for the publishers send them an confirmation letter or something asking whether they really subscribed.
George W. Bush
President, United States of America
Wasn't the last DOS attack through postal service using anthrax?
would that be the physical incarnation of the "ping of death" attack?
Photos.
quick, if we slashdot the IRS via the usps, they might never get to my taxes!
Oh, but it's DOS all right.
DOS we're familiar with = so many requests for connection that real (legitimate) requests are very slow to get through, if at all.
mailDOS = so many catalogs that finding your real mail (if there is any) is an incredible waste of time, and some pieces (packets?) may be lost (dropped) in the confusion.
If this isn't the best translation of electronic DOS to physical DOS I don't know what is.
So wait, whenever we the people get nailed by 2 tons of junk mail, spam mail, and get our ear talked off by telemarketers, have bill board ads vying for our eye site, and our television sets screaming at us not to mention pop up ads all over the place (unless you have a popup eliminator or use an alternative web browser, long live opera). These things are all "good" but whenever we all collectively get together and nail the hell out of spammers with the pent up rage of 2 million people who can sighn them up for nail mail garbage, it's considered wrong? I think it's nothing more than a reaction from the masses and that it should be expected, after all if they can dish it, they should be able to take it. Side note; while I know that the article doesn't neccessarily refer to the attack against spammers by the slashdot crowd, there hasn't been any other successful campaign of this type that i've ever heard of on such a scale. Time to smack them with a rolled up magazine like the bad doggies they've been
In the case of signing up a spammer or other unscrupulous individiual to catalogs and other physical mail, the companies that are sending these items are directly bearing the cost of your DoS. Sure, Sears can probably afford to send out one more letter, but catalogs are more expensive to print and mail. All these companies are getting screwed out of real money, not some potentially (and oft inflated) accounting of how much time/cost an ISP has for DoS countermeasures.
Sure, I think it's great to spam the spammers, but in doing so you harm legitimate companies more than in the Internet world.
Fun little story...
I recently was out of town for a few days. The tiny little mailbox that my apartment complex provides probably filled up on the second day, so the postal carrier took all of it back to the post office, and left me a lovely note that if I didn't pick it up in a few days, they'd send it all back. Luckily I got back in time to pick up my mail, but it was definitely an inconvenience tracking down which post office outlet had my mail and then taking the time to go get it.
So for a few days my postbox was shut down (mini DOS), because the postal carrier wouldn't leave me any new mail until I found the time to pick up what had already been taken away.
Although this is kinda funny in one isolated case, what also has to be considered is the effect on the Postal Service. Sure, they get paid to deliver this mail, but it's not that easy.
Catalogs and Magazine subscriptions ship at cheaper rates. The rural carriers that deliver mail to people's homes aren't set up to carry mass amounts of this type of mail to people; economically, the post office is set up to run with a balance of junk and first class mail on any given route.
Overload this with a hugh amount of bulk-rate junk mail, and you're putting a burden on the capacity of the carrier routes, which in turn will force the Postal Service to modify fees and/or service.
I would be highly suprised if they pass this charge on to the business customers that generate the bulk mail; this would meet with too much resistance and put pressure on the business relationship. Instead, I wager we'll see the fees passed along to first class, consumer mail either through an increase in postage fees and/or fees for home delivery of mail.
In short - The Postal Service is not the Internet. It is one orginization that can and will respond to this type of abuse, and the end result will be less service / increased cost.
It just goes to show that people should be very careful with their personal information.
Sincerely,
Guy LeBarge
186 Rideau St.
Ottawa, ON
K1A 25U
using System.Awesome;
"...and the punishment of vice, often in an especially appropriate or ironic manner. "
So you see, this is poetic justice, not irony. That said, I'm not mad about this happening to him, is anyone else?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
let's all write them letters to find out.
I work for a scummy direct marketing company, and can tell you that when people mail back dog shit, dead cats, bricks, etc. it really does slow business down because that mail is not sorted from the legitimate mail. From time to time the bomb squad is even called in to check an unexpected parcel and that can gum up the whole works.
Lex Talionis, the principle of an eye for an eye, is a morally bankrupt code of law we've been moving away from for the past few thousand years, thankfully.
Wrong. Lex Talionis was the principle that you take NO MORE than an eye for an eye - promulgated as an "improvement" in an era where the response to losing an eye (or a purse) might be to do in the alleged perpetrator and confiscate all his worldly goods.
It's morally bankrupt, all right. But only to the extent that if the thief only loses what he stole, and has a nonzero chance of getting away with it, theft remains a profitmaking enterprise despite full enforcement of the law. So it becomes an endorsement of theft as a lifestyle. This is why there are "puntitive damages" - extra penalties to punish the perpetrator (thus making continued misbehavior a losing proposition even with imperfect law enforcement).
None of which applies here. Applying "Lex Talionis" to the spammer would mean spamming him, rather than seeking compensatory and puntitive damages.
===
Which is what they did, isn't it? B-)
===
Lex Talionis also recognizes a moral principal of equivalency, to wit: In an egalitarian society, regardless of what actions you think are fair, you have NO moral gripe if someone does to YOU what YOU did to them. If it was wrong for them to do in retaliation, it was AT LEAST as wrong for YOU to do without provocation.
===
I note, by the way, that your posting is IDENTICAL to one you made several times previously - including in the slashdot article credited with inspring the USPS DDoS attack in the first place. (And that last one I cited was under your own slashdot ID of Chuck Flynn.) Given that, I felt free to repeat, almost verbatim, my response to your most recent previous missive.
The posts that recieve your canned response seem to be any suggestion about spamming the spammers. You wouldn't happen to be a spammer, would you?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Alan Ralsky aliases and addresses.
Seems like his "real" address is:
Alan Murray Ralsky
6747 Minnow Pond Dr,
West Bloomfield,
MI 48322
Telephone: 248-926-0688
Current email address: amr777@comcast.net
Years ago, I read about a guy who intentionally signed up for as many catalogs and other junk mail as possible. I think he got 200 lbs a day. He heats his house with it.
Anyone know Bill Gates' home address?