Slashdot Mirror


DoS Assaults Underway Against Spam Blocklists

Hiawatha writes "The same sort of denial of service attacks that drove spam blocklist Osirusoft off the Internet are battering many other blocklist services as well." Apparently spammers aren't going to sit by and let people try to ignore their unwanted pitches.

14 of 797 comments

  1. Might not be spammers by G-funk · · Score: 4, Interesting

    Of course it probably is spammers, but it wouldn't surprise me if some people who've had themselves blacklisted unfairly would like to ddos some blacklist servers into the beyond.

    Personally I don't believe blacklists are the way to go, I think simply intelligent filtering should be installed wherever possible, and eventually spam will die out. I know spammers are smart and work their way around all sorts of blocks, but so are we, and there's a lot more of us than there are of them.

    ObDisc: Don't bother flaming me about "collateral damage" or any of that crap, since I'm not the one ddosing the servers, and I've yet to find myself blacklisted, so I'm not interested.

    --
    Send lawyers, guns, and money!
  2. SoBig by ifreakshow · · Score: 5, Interesting

    Earlier this week when people talked about the writer of SoBig leasing his virus network for spamming, many people said spammers wouldn't want to be involved with virii/attacks. I think the DOSing of black list sites pretty much shows that the people sending spam have little moral problem with invading your computer to break the law.

  3. who says it's spammers? by tongue · · Score: 5, Interesting

    what makes you think it's spammers? there are plenty of legitimate email users with a beef against these fascists--me, for one. i had a domain on a subnet that's entirely blocked despite the fact that i don't have open relays nor have i ever done any kind of spamming. several of my clients within larger corporate structures couldn't receive email from me because some PHB read in DildoCTO Quarterly that these lists can stop spam--never mind the fact that they can stop any kind of legitimate email use as well. There were a LOT of times i'd wished i had had the wherewithal to undertake something like this; spammers or not, i applaud the culprits.

  4. Client-side blocking by jtoker · · Score: 5, Interesting

    I'm not too disappointed to hear of these new attacks. Conspiracy theories and the like aside, I'd rather have the responsibility for SPAM-blocking placed on the client side.

    Damnit, if I want a larger penis, then I should be able to read SPAM directed towards that. That being said, I'd much prefer if these SPAM services were forced to be opt-in.

    Unfortunately, client-side filtering doesn't adequately address the massive amounts of bandwidth consumed by SPAM operations. Nonetheless, the idea that an autonomous corporation/whatever can decide what is valid e-mail for ME is just as offensive, in my opinion, as e-mail advertising product/scam/idea X.

    Peas,
    j

  5. Blacklists ARE useful by Gothmolly · · Score: 5, Interesting

    Because you can reject mail at the SMTP level. I typically get about 70 emails a day to my own server. About 40-50 get denied by a DNS based filter on qmail (rblsmtpd). Which means on average, only 25 get through to SpamAssassin, where another 15-20 are deleted due to high spam thresholds. Then I get about 5-8 real emails, and maybe 1 or 2 spams that make it through (which Mozilla mail promptly eats as spam).
    If I had to burn CPU to Bayes-classify all mails, it would bog me down more than I am now (running on Linux on an old PC).
    DNS based BL is useful because it doesn't even let it in the door.

    --
    I want to delete my account but Slashdot doesn't allow it.
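The DNS-based check described in comment 5, as an added example that is not part of the original comment or of rblsmtpd: the client's IPv4 octets are reversed, the list's zone is appended, and an A record inside 127.0.0.0/8 means "listed". The zone names, records and `fake_resolve` helper are constructed so the example runs offline, and the fail-open choice for a list that does not answer is an assumption.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBLs answer inside 127/8

def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def check_client(client_ip, zones, resolve):
    """Decide before DATA whether to take mail from client_ip.

    resolve(name) returns the A records as strings, [] for NXDOMAIN,
    and raises OSError when the list does not answer.
    """
    for zone in zones:
        try:
            answers = resolve(dnsbl_query_name(client_ip, zone))
        except OSError:
            continue  # list unreachable (e.g. under DoS): fail open, try the next
        # Only a 127/8 answer is a listing; anything else is a broken or
        # repurposed zone and must not cause a rejection.
        if any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers):
            return ("reject", zone)
    return ("accept", None)

# Constructed zone data standing in for real DNS, so the example runs offline.
CONSTRUCTED_RECORDS = {
    "99.2.0.192.dnsbl.example": ["127.0.0.2"],
    "5.113.0.203.dnsbl.example": ["203.0.113.1"],
}
ZONES = ["down.example", "dnsbl.example"]

def fake_resolve(name):
    if name.endswith(".down.example"):
        raise TimeoutError("no answer")  # TimeoutError is an OSError
    return CONSTRUCTED_RECORDS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7", "203.0.113.5"):
        print(ip, check_client(ip, ZONES, fake_resolve))
```
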
  6. SoBig.F zombies attack!!! by hey · · Score: 4, Interesting

    Maybe this is the SoBig.F zombies at work. They have awakened from their "sleeper cells". There was a rumor that they were going to be used by spammers -- but not in this way.

  7. Go ahead and let them die by RevJim · · Score: 4, Interesting

    I know it sounds heartless, but as a group, blacklists are becoming less-useful by the minute.

    If they were all to disappear today, it would only speed the adoption of much more valuable tools against spam, namely bayesian-type filters that are far more effective.

  8. Who replies to spam? by smcavoy · · Score: 4, Interesting

    Have there ever been studies on who responds to spam, and why?

  9. Evolution of a blacklist architecture. by emil · · Score: 5, Interesting
    • Centralization of the blacklist is bad. Therefore, the lists should be p2p.
    • Each blacklist should be signed by the maintainer's private key. The public keys should be kept in several well-known locations.
    • An application, running on a mailserver, should have options to:
      1. Download blacklists from specified upstream sources, preferably by rsync protocol, although even gzip would be an improvement over what we've had.
      2. Apply some or all of the blacklists to inbound messages.
      3. Offer the blacklists for further download.
      4. Automatically announce new blacklists, the recall of canceled blacklists, or newer/faster/replacement upstream blacklist servers.
    • The blacklist application should work with all major MTAs, including sendmail and exchange. It should be platform-neutral, and we should do what is necessary to get MS to package it on the CD.

    I can easily see web content filtering going the same way eventually.

  10. Blame the backbone ISPs by mabu · · Score: 4, Interesting

    People need to understand two reasons why they get spam and DDOS attacks:

    1. The backbone providers make money based on bandwidth consumption. They don't care whether the traffic is legitimate or not. It's in their financial interest to not take action against DOS/DDOS attacks and they don't. Many top-level providers will not even intervene unless a lower-level ISP's pipes are completely saturated, even if they complain about a DOS attack.

    It would be so easy for the backbone providers to implement temporary blocking of DDOS attacks. These types of attacks are identifiable and the whole procedure could be automated and authenticated, but the top-level ISPs make money off spam and illegal DOS/DDOS activity. People need to petition the backbones to start taking responsibility and implementing measures to shut down networks that have rogue systems consuming illegitimate bandwidth.

    2. The local and federal governments do not effectively (if at all) enforce the plethora of existing computer tampering/break in/attack laws that are already on the books. These attacks CAN be tracked. The law enforcement agencies are either ignorant, unmotivated or unwilling to take action.

    No new laws are needed. There are plenty of existing laws on the books right now to justify criminal prosecution of these attackers, which don't merely attack relay blacklists, but every other network along the way, making everyone suffer, including systems that don't use blacklists.

    We need to hold the proper people accountable for not using the existing legal system to stop this; we need to hold the top-level providers responsible for allowing a majority of the traffic they bill their clients for to be unauthorized and illegitimate.

    Imagine if 70% of the time you picked up your telephone someone else was using it? This is what's happening with Internet bandwidth.

  11. Re:It's illegal by mabu · · Score: 5, Interesting

    A friend of mine who runs an ISP filed a case with the FBI. He had all the evidence, he had $100,000+ worth of damage he could prove. The case was meticulously documented. The FBI felt it was a rock solid case. They presented it to the DAs in multiple jurisdictions and they refused to prosecute or pursue the case. He even had the perp's home address and telephone number and enough evidence to link him to credit card fraud, attacks on major corporations and much more, and the authorities blew the case off and didn't take action.

  12. Re:Why does he think it's spammers? by hypovex · · Score: 4, Interesting

    What makes you think they don't? Most U.S. based ISPs don't require anything more than enough complaints with reasonable evidence to shut spammers down. It's really unnecessary to block an entire /24 or /16 if you think that's what is necessary to get attention. Spamcop, ordb, dsbl, & maps are just great and actually are bold enough to let the world know who they are and what they are doing. Spews takes it WAY too far, are completely irresponsible, are the worst chickenhawks on the net, and completely ineffective. Just for argument's sake, a couple years back, I used osirusoft for about a month with not even a dent in the amount of crap I received in my inbox. But did lose a lot of email from people that should have never been associated with their listings. This cost me time and money. I don't blame the isp who got themselves blacklisted because they never received any complaints directly. This was because the only relation between them to the said spammer, was a freaking email address hosted by one of their customers, which was used as the administrative contact record, for a domain they had nothing to do with. N.A.N.A.E, Osirusoft, s.p.e.w.s. : Chug one. I'm happy to see you getting what you've had coming for a long time.

  13. Re:ever tried to get off SPEWS? by randyest · · Score: 4, Interesting

    So, write down in your day planner, right there on the date that your current contract is due to expire, this simple action item: negotiate next contract duration to be dependent on the provider not being blacklisted.

    Maybe this time it's a decent excuse, but next time you know. And any provider not willing to include a clause that lets you out if they get blacklisted is probably knowingly hiding spammers.

    As to whether the provider is really "fine otherwise", to me that's like saying "my new dog keeps chewing the neighborhood kids' fingers off, but otherwise he's fine . . . "

    I'm really sorry that SPEWS has been a hassle for you and others, but it's worth it to me, and I wish more providers used SPEWS or similar (well, if it ever comes back). And, now that you know, you can plan for this sort of eventuality in the future, because it's only going to get more and more common as spam continues to grow.

    --
    everything in moderation
  14. Think globally, act locally by dcavanaugh · · Score: 4, Interesting

    We use SpamAssassin on Sendmail. We have Sendmail configured so that when a message is positively identified as spam, we automatically update our local access file to blacklist the entire class C of the relay host.

    I have been watching this closely for several weeks. Originally, I thought there would be trouble -- surely we would nail some legitimate networks and have to unblock them. But NOOOOO! Every day we reject more and more via the local blacklist and it's always the evildoers. I don't think anyone needs a DNS-based blacklist, all you have to do is harvest the power of the spam data you already have.
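A sketch of the local blocklist described in comment 14, as an added example that is not the commenter's own configuration: it turns spam verdicts into sendmail access-map lines keyed on the relay's /24 (the first three octets). The score threshold, the `NEVER_BLOCK` allowlist and the sample verdicts are assumptions constructed for illustration; the allowlist is there because a whole-/24 block also hits every other host in that range.

```python
import ipaddress

SPAM_THRESHOLD = 10.0  # assumed cut-off for "positively identified as spam"

# Constructed allowlist: ranges that must never be auto-blocked
# (own networks, loopback, a hypothetical partner network).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "10.0.0.0/8", "198.51.100.0/24")]

def class_c_key(relay_ip):
    """Access-map key for the relay's /24: its first three octets."""
    return ".".join(str(ipaddress.IPv4Address(relay_ip)).split(".")[:3])

def new_access_entries(verdicts, existing_keys=()):
    """verdicts: iterable of (relay_ip, spam_score).

    Returns the access-map lines to append, skipping low scores,
    allowlisted relays and /24s that are already blocked.
    """
    seen, lines = set(existing_keys), []
    for relay_ip, score in verdicts:
        if score < SPAM_THRESHOLD:
            continue
        addr = ipaddress.IPv4Address(relay_ip)
        if any(addr in net for net in NEVER_BLOCK):
            continue
        key = class_c_key(relay_ip)
        if key not in seen:
            seen.add(key)
            lines.append(f"{key}\tREJECT")
    return lines

# Constructed verdicts: (relay host IP, filter score).
SAMPLE_VERDICTS = [
    ("192.0.2.10", 14.2),     # spam: blocks 192.0.2
    ("192.0.2.200", 11.0),    # same /24, no duplicate entry
    ("203.0.113.9", 3.1),     # below threshold, ignored
    ("198.51.100.25", 18.0),  # spam, but allowlisted
    ("203.0.113.77", 12.5),   # spam: blocks 203.0.113
]

if __name__ == "__main__":
    print("\n".join(new_access_entries(SAMPLE_VERDICTS)))
```

After appending the lines to the access file, the map has to be rebuilt with `makemap` before sendmail uses it.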