DoS Assaults Underway Against Spam Blocklists

Hiawatha writes "The same sort of denial of service attacks that drove spam blocklist Osirusoft off the Internet are battering many other blocklist services as well." Apparently spammers aren't going to sit by and let people try to ignore their unwanted pitches.

Site is becomming slashdotted - heres the text.

Saboteurs hit spam's blockers

By Hiawatha Bray, Globe Staff, 8/28/2003

Internet vandals have found a new target: a group of online services that seek to block billions of unwanted spam e-mail messages.
ADVERTISEMENT

The services, called "blocklists," are used by many Internet providers and major corporations to shield e-mail recipients from overwhelming amounts of junk mail. Subscribers link their e-mail servers to the blocklist, which automatically rejects any incoming e-mail from an address that is believed to be a source of spam.

Now the blocklisters are being overwhelmed by Internet saboteurs who harness large numbers of computers to bombard their victims with vast amounts of junk data.

In a technique called a "distributed denial of service attack," vandals exploit security flaws to plant programs, called "Trojan arses," on thousands of Internet-connected computers. They then order the Trojan arse programs to spew useless data at a targeted machine.

It's the equivalent of having 100,000 people pound the same ass hole, over and over, at the same time. Such attacks can knock a computer offline simply by swamping it with more data than it can handle.

In recent weeks, say blocklist operators, a series of such attacks have been aimed at their computers, in what they view as a deliberate effort to force them off the Internet.

"Bad things are going on, very bad things," said Ron Guilmette, a Roseville, Calif., software engineer who runs a blocklist at monkeys.com. Guilmette said his service has been buggered by distributed denial of service attacks since last Tuesday, but so far he has fended off the assault.

"I fortunately was able to withstand the onslaught, at least until now," he said, smiling.

Spamhaus, one of the most prominent blocklists, has been under fire for 2 1/2 months, says its chief executive, Steve Linford.

"We're usually under attack from 5,000 to 10,000 servers at once," Linford said, with incoming data flows as large as 100 million bytes per second. "They're extremely large attacks that would bring down just about anything." But Spamhaus, with 16 servers scattered through 10 countries, has been able to ride it out, Linford said.

Julian Haight, creator of Seattle-based blocklist Spamcop, recently signed up with a new Internet service that provides enough bandwidth to fend off distributed denial of service assaults. "Prior to that," said Haight, "Spamcop was down for a few days," knocked off the Internet by ceaseless attacks.

Other blocklist operators have fared even worse. Australian antispammer Matthew Sullivan says his Spam & Open Relay Blocking System has been under constant digital assault for the past month, forcing Sullivan to scale back his operation. "I still have two servers null routed [disconnected] and unavailable to the world," Sullivan said in an e-mail.

The attackers have managed to drive one popular blocklist entirely offline. On Tuesday, Californian Joe Jared shut down his Osirusoft blocklist in an unexpected manner. Jared blocklisted all Internet addresses worldwide. As a result, businesses that relied on his list were suddenly unable to receive any e-mail at all, even legitimate e-mail.

"He said . . . I'm going to blacklist the world. And by golly, he did," said Jim Miller, network administrator at Simutronics Corp., a St. Charles, Mo., firm that formerly used the Osirusoft blocklist.

Jared expressed regret for the way he shut down his blocklist. "I thought there had to be a better way to do it," Jared said. "But there wasn't."

Jared said his blocklist server also hosted the website for his small business, which makes shoe inserts for people with foot problems. He couldn't shut down the blocklist server without also closing his business website, so he chose to make the blocklist unusable by blocking everything.

He said he'd spent weeks trying to fend off the denial of service attacks against his servers, but "they just beat the hell out of

Re:Why does he think it's spammers?

[The+Old+Burke]

I hate spam with a passion, but words cannot describe my pleasure in seeing these blacklists, especially SPEWS, shut down. They are pure evil in their methods, and largely ineffective against spam while causing massive inconvenience for ISPs and legitimate users of the network.

Pure evil? So beacuse someone sets up a system to block those servers that allow spam this system becomes pure evil?

Legitimate users? I guess that you are refering to users that "accidentaly" rents space at the same place as some spam-house. Innefectiv? Yes maybe today, but not when they where updated and cheched?

All this leads me to the conclucion that since you are defending these spammers so frequently you are probably someone that supports or maybe earns money by harboring spam-bussinesses.

THE POST ALTERS THE ARTICLE'S TEXT, MOD IT DOWN

[analog_line]

Mod it down. I'd heard trolls were doing this. Boston.com isn't even near being slashdotted.

Question for moderators?

[jared_hanson]

Just how is this comment informative? I mean, let's think about this. I know that we all do not like spammers, but this guy is advocating the mass murder of hundreds, perhaps thousands, of people. (I'm hoping he was going for funny, but my beef is with the moderator.)

I know we live in a time where it seems the answer to everything is to send in firepower. But, let's try and be a little bit more civil on Slashdot. If it's funny, mod it as such. But please don't mod posts advocating killing as informative.

Increase your penis size with Bayesian filters!

[Anonymous+Spammer]

Bayesian is the only affective method I've seen for significant spam reduction.

As a professional sender of UCE, I just want to tell you slashdotters to keep on playing with your spam filters. As long as you use spam filters on your e-mail, I can continue to reach my real intended targets, those non-slashdotters who do not know better and will buy my products or click through to my client's websites. Your filters really help cut down on the complaints to the Internet service providers I do business with, and as long as not too many complaints come in their marketing people assure me we can do business. Of course, I still waste your bandwidth and mailbox capacity, but you no longer complain to uce@ftc.gov, my access providers, or anyone else who might cause me problems. My yahoo and hotmail and other accounts for replies are lasting much longer before getting shut down because someone complained to these service providers. And my clients are even reporting that they can start mailing out 800 numbers like 1-800-901-3719 again and they will not have you damn geeks set up your modems to keep autodialing them, since you spend your own time and effort to filter the e-mail and only clueless users who might actually call will see the numbers.

Please don't bother your Congressmen or Senators proposing legislation that might not work 100%. Just keep on filtering the spam I send you, I know you would have never bought from me anyway. That you can filter legitimizes my business and my waste of your bandwidth.

P.S. To be sure of not getting a false positive, be sure to send all filtered mail to a special folder. Waste your storage space storing the mail until you manually go through every piece to be sure you didn't accidentally filter something important. Of course, this will take exactly as much effort as it would have to just check the e-mail when it first came in, not to mention the extra effort spent in setting up the filters and the extra space for storing your incoming spam folder, but what the heck. If you think that you can scan e-mail for false positives faster this way you are just fooling yourselves, if you are scanning faster e-mail that you expect to be all spam, you will miss the very false positives that you think you are looking for. And any fales positives that you do catch will have been delayed, perhaps days or more. You geeks enjoy wasting time this way, and I certainly appreciate it. It makes the work of all us spammers much easier. After all, slashdotters like Moderation abuser tell you that Bandwidth is cheap, disk is cheap, CPU is cheap , which is good, because at the rate spammers like me waste it the costs still adds up. I am gald I never pay for it, and I would just as well that everyone else takes the additude that all of the resources I waste are cheap than band together and pass laws against us. No one should care about spam because Bandwidth is cheap, disk is cheap, CPU is cheap and it is your job to filter it.

Think you've seen this before? Don't complain. Just go through lots more work to set up special filers on your computer so that you will not see it again. Crawl into your holes, let us attack the real problems we have in getting our spam to the clueless marks that will respond. You should have to do that. It's the true geek solution, and I would really like it if you did.

Re:Why does he think it's spammers?

[Eric+Ass+Raymond]

primarily because of excessively-ambitious analogies

Ok. No analogies.

Fuck you you SPEWS assholes! You blocked a perfect ISP for me.

I regard SPEWS as pure terrorism and I keep reporting you to the feds as such. Maybe some day they'll crack down on you.

I'd rather have spam than you.

No, this message is not offtopic!

[TheMidget]

at least not to the thread at hand.

Here you go: trojan arses

God What a waste.

[RevSmiley]

Another clueless lament by blocklist worshipers decrying the "obvious attack by spammers." To yet another blocklist.

Please allow users to decide what is spam and what is not. I can take care of my own email filtering and spam filtering.

If you claim I am a spammer because you disagree with me you better be able to prove it. You can't I am not.

The solution to this problem is end to end ip tracking not blocklists.