Slashdot Mirror
Anti-Spammers DDoSed Out Of Existence
Anonumous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. Short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"
why cant the goddamn authorities tie in motive with these attacks and go after the spammers who are obviously promoting/funding these attacks?
_+_+__+_+_+_+_+_+_+++
when i moo u moo - just like that
I'm a big advocate for as few (i.e. none) false positives as possible. I consider them way more dangerous than a false negative.... but used in moderation, these services are quite effective in reducting a large number of spam.
Using a spamtrap that using weighted scoring, like SpamAssassin or the like, you can use the data they provide combined with your other heuristics (and whitelists and bayes) to provide a much more accurate view of the overall picture.
--D
I would like to see a Kazaa-like service whereby people can choose to mirror a site (or page or resource) and the site itself becomes distributed among many locations, accessed by using a Kazaa-like browser client. It'd be a nice thing and stop a lot of this stuff from happening. Sure, I can see people using it for bad things too, but as a system, or a concept, it stands up for itself.
If you can have distributed attackers, why not distributed targets?
I hate to sound like the typical crybaby, but why do the good guys always get screwed? If we (the spam-hating/fighting collective) were to do this, I can almost guarentee there would be media and probably law-enforcement backlash against us (as proven by the story of the spammer whose information was leaked by someone).
Now, knowing that law enforcement WON'T do anything against this, what happens when we decide on vigilante justice and return the favor onto the spammers who DDOoSed them (it's an assumption)? Will the law suddenly perk up and seek those who struck back?
And what sort of example is this proving? That Law Enforcement doesn't matter/work with technology as the internet? Is this foreshadowing for the California Anti-Spam bill?
This is your typical example of hitting your little brother/sister back after s/he hit you and your mom catching you only citing "It's always the second person who gets caught."
When modding "Informative", please make sure it both has a source and IS actually informative.
A lot, if not the vast majority of infected zombie attackers out there are located in asia pacific. Trying to track down the responsible admin, and then trying to get a response is -near impossible-. Language barriers, general apathy, it's all there. On top of that a lot of hosts in Korea have awesome pipe.
Seriously, people keep bandying about the idea of using freenet for distribution of blackhole lists, but it's probably absolutely THE best solution to the problems we're facing. The ISPs can only do so much, and when the lists are distributed from a central, known source.. well, we've seen the results of this.
I suggest one of us take up the cause of creating this freenet distribution system. It could revolutionize the way trusted data is passed if it works successfully for an RBL. I'd do it myself, but I'm beyond short of time, and brains for that matter :)
Luck favors the prepared, darling.
We've had a succession of Washington suits yakking on about Information Security, and Cyber War and The Great Potential Threat To Our Infrastructure, and yet when DDoS attacks actually happen, what do they do?
You guessed it. Squat.
There's no votes and no budget in actually fighting crime. There's plenty of capital to be made in selling up the threat, and in promising that you'll fix it, given just a little more time in office, and a slightly larger personal empire.
What I'd like to see is our Dictator of Homeland Security pinned down and made to explain why he's not doing something about the attacks that are happening now. If we can't defend monkeys.com from a DDoS from malicious assholes, how does he expect to believe that we're able to defend safety or economic critical infrastructure from the same kind of attack launched by the truly malevolent?
If you were blocking sigs, you wouldn't have to read this.
The internet seems to become more worthless every day, as more and more of it is hijacked by spammers and other commercialization.
How can we take it back? If we can't, how can we replace it with something more resistant to these electronic malignancies?
I want instant communication with friends and colleagues all over the planet, but I don't want UCE. I want instant access to the world's knowledge on all topics, from crucial news to movie trivia, but I want it without viruses, interstitial ads, popups, spyware, and all that other crap.
By using Linux with some other specialized software, I have erected a defensive perimeter around my internet existence, so the tidal wave of garbage largely passes me by. But the walls need maintenance, and there always seems to be some new leak that needs plugging.
It's regrettable that we need to take such drastic measures, but what really worries me is that the need is increasing with time. Can you imagine the situation where 99% of your email is spam? Is there an alternative to giving up email entirely at that point?
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
total lack of interest shown by law enforcement
If a MMORPG gets cracked and the rich owners get inconvenienced for half a day, the FBI flips out and immediately mounts an investigation.
However, these guys are repeatedly DDoS'd and nobody cares.
It would seem that the government only cares about cybercrime when big cash is involved.
The US Army: promoting democracy through unquestioned obedience
This is definetly true.
I myself had a runing with Anti Spam sites. For some bizzare reason the IP of my mail server was listed as a spam server. Which is BS as it's only ever used for personal mail.
It took 5 emails and 3 days to get my server IPs of the list.
It's a real bitch. Your mail bounces, you call the ISP that bounced your mail and they tell you that "such and such list", now you got to go to that list and request a removal. The problem is that many of the lists mirror additions but NOT removals. So you get added to one list and tada you're in 20 and got to remove yourself one by one...
In Soviet Russia, the television watches YOU!
And you would trust this file enough to block email based on it's contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would loose the last level of trust that they currently have...
The argument doesn't hold water - the actions of the DDOS mastermind and the blacklister are not equivalent.
The blacklister provides information to various people who choose, on their own, to say "I do not like what you are doing, Mr. Spammer, and I will not allow you to use MY system to do it."
The DDOSer says "I don't like what you're doing, and I will not allow you to use YOUR system to do it."
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
They wouldn't have to dos all of the thousands of machines. All they would have to do is DOS what ever is doing the redirecting. Remember when Microsoft.com was taken down a year or two ago? The script kiddiots took down the router that was the only path way to Microsofts DNS servers. You would have to build a really robust network with all kinds of redundancy. While it is possible you could make something that could with stand most DOS's, it would cost an ass load (even with people volunteering mirrors), which is still a big problem.
And you would trust this file enough to block email based on it's contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would loose the last level of trust that they currently have...
If you don't trust it, don't use it.
Why is this concept so damn hard for people to understand? These lists are VOLUNTARY. Mail server admins are not forced to use them. They CHOOSE to use them because they are EFFECTIVE.
Your arguement about putting these lists on freenet hold no water. There's no way these files would go online without a PGP signature, and people downloading them would be stupid not to verify that signature. So long as you trust the signer, you're fine. If you don't trust the signer, don't use the file.
The distribution of the files can be completely automated to the point where an automated script can download the file, verify the signature, and load the contents of the file into a locally running DNS server (I'll even be so bold as to suggest rbldns, which comes with the djbdns distribution). The distribution network would be all but impervious to denial of service, since the only way to bring it down would be to DDoS anything running the freenet client.
Funny how people conveniently forget about these little details when it doesn't suit their arguement...
Not to be overly-dramatic, but when it happens to you it's a nightmare and one of the blackest pits you can imagine.
:), and installing such watchdogs and filters as I could. I cultivated good relations with the folks who supported the server. I did all I could, short of purchasing a server for myself, which I could never have afforded.
Think of spending all your time, energy, heart and soul developing a business (or organization), providing for it, gaining credibility and referrals, making a name and niche for yourself, however small. Imagine you're attempting to support and educate a family via that business.
Now imagine it all wiped away with no thought at all by anonymous monsters of greed.
That's precisely what happened to me. I'm actually not illiterate. I exercised care in building my site, selecting a host for it, making sure it ran Linux
Then I made the mistake of becoming ill. Over Christmas I spent six days in the hospital, and when I came home, a corresponding several days downstairs. They struck during that time. I returned to hundreds and hundreds of bounced messages, angry complaints, bitch-outs, whatever.
A call to the tech support people actually put a stop to the whole thing rather quickly. The spammers were using Sprint, and apparently Sprint lacks tolerance for these issues. I wrote to each and every person who'd bitched, swallowed my pride and explained who I was and what had happened. Some wrote back.
On the practical side, I have now a trusted friend who will look after things for me if I ever become ill again, and I will do the same for him. In fact the two of us may lease a server from a reputable company. That's a huge cost, but it may well be worth it.
On the emotional or impractical side, even eight months later I have an enormous amount of anger. Anger is often un-helpful, but I entertain visions of finding ways to inujure these people (not physically or by violence, but in their ability to do this). I visualize them financially ruined, humiliated in public, hounded out of their neighborhoods. I visualize attacks on their servers. That's all quite counterproductive. In order to deal with the anger part, I spend my spare time writing a novel in which a spammer is murdered. It's not half bad.
Regards,
Anne
DUCT TAPE: The Election Supervisors' Secret Weapon
Good point, but if it is signed, then it is not anonymous is it. But you are correct that this would be much harder to DDOS if signed files were released in this way.
By the way, I don't have any beef with RBL lists. But I have a big problem with ISPs using these lists to reject mail. They should be used by end users, or perhaps by a mailadmin to reject mail to an entire domain. Or they should be used to mark mail as possibly being spam.
ISPs that use these lists to reject mail are being irresponsible, and are most likely doing it without the knowledge of their users. One false positive that gets dropped is one too many when your users don't know it is happening.
It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.
The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.
And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.
And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.
Nice going.
It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.
Proletariat of the world, unite to kill spammers
In Soviet Russia, I ruled you
Well, the problem here is again one of trust. In many ways, an untrusted P2P spam blocklist would be easier to invalidate...all spammers have to do is access the P2P net and start spewing out BS and the whole list becomes worthless.
And then there's the nuisance factor...script kiddies chucking up their enemys' domains as spammers, adding aol.com, etc.
In order to establish trust, you'd have to have one of two things: 1) a trust authenticator, which is a central organization which can be shut down using DDOS and invalidated or 2) a web of trust, requiring admins to opt in to certain zone administrators' records, which would take quite a bit of time and would be very fallible.
Neither is that great an idea.
What IS a good idea is a distributed network of blocklists not like Kazaa, but like an IRC network or DNS. Trusted submitters are given powers like unto moderators to push information to a core set of servers, from which other servers pull their spam blocklists.
We could do this now, using the server mirroring system that already exists for things like Linux kernels. Hell, we could even maintain versioning, to back off mistakenly blacklisted domains.
Of course, the best idea will always be not to publish your email address and to guard it like a hawk. I get maybe 5 spam emails per day and that doesn't bother me at all.
Hey freaks: now you're ju
Apparently Ron is abandoning both but there were two related anti-spam things he did. One was to maintain a blocklist for open proxies. The other was to run a network of proxypots and to use these to discover the IP addresses from which proxy abuse originated. He trapped a lot of spam with those, as well.
Ron made periodic posts to news.admin.net-abuse.email in which he listed the top 40 proxy abuse-source IPs. He also contacted the ISPs from which the abuse originated and was successful in getting many of these to boot the spammers (which is a big reason spammers wanted to put him out of business, it would seem.)
Ron was making real and substantial progress toward ridding the net of spam - even if you never heard of him he was helping you, and the help I speak of had none of the flaws of blocklists.
Spammers look about everywhere on the net, seeking abusable open proxies. That means proxypots will succeed almost anywhere on the net. Just about anyone can help identify spammer IPs and get the spammers thrown off their ISPs. Ron's Top 40 list was a nice bonus and it helped show which ISPs were responsive and which protected spammers. Similar information from a single site (yours, if you'd do it) would be also have great value.
I'd direct you to the Bubblegum proxypot web page but that, too, seems to be down. There's still something you can do even if you don't run a proxypot. If you have a software firewall on your system you can find the log entries for rejected proxy connection attempts. Chances are great that those were made by a spammer. Report the attempt to the appropriate ISP. I'd also suggest letting your ISP know: if spammers are looking in your ISP's space for abusable proxies the ISP can take protective actions. Your ISP also may have greater clout with the spammer's ISP - at least it's worth a shot.
You're comparing the operators of these services to spoiled children, when they've done more for the anti-spam cause than nearly everyone who will ever read your comment. What did they do to deserve that? If they are being selfish for giving up their efforts, doesn't that make you and I even more selfish for never making an effort in the first place?
Who wants to become a volunteer in a world where if your efforts fail you will be seen as a failure and if they succeed you will be seen as an entitlement?
Would this be a bad thing?
I have an uncle who is a trucker. He was amused by this comment. He said the worst time on CB in his memory was from ~1977 to ~1982 or so, before that, truckers primarily used it, with respect for each other and some unwritten "rules". Then it became popular culture and was destroyed. After it "died", you would find it used primarily by truckers, with respect for each other......
Anyone use USENET or IRC before 1997? Gee, it would suck if the Internet died like this.
I think you're missing something. You seem to be implying that the Monkeys.com admin is giving up because he personally can't take the pressure anymore, and that he should try to persevere instead. While that sounds nice, you're forgetting reality:
1) While his servers are under a DDoS attack, nobody can use them, which means the blacklist is basically useless. This is why it's called "denial of service" - the ability to use the service is being denied.
2) The only technical way to withstand a DDoS attack while still continuing to provide service is to increase your bandwidth so you have enough to handle both the attack and legitimate requests. This costs a LOT of money. Another poster mentioned that SpamCop spent $30,000 on this. SpamCop has paid subscriptions (I'm a subscriber myself); Monkeys.com does not. Do you have an extra $30,000 lying around that you could donate? I don't.
3) The non-technical solution is to go through law enforcement. He contacted the FBI, and they didn't know what he was talking about. Perhaps he should keep trying, but due to the nature of the attack, I'm not sure the FBI could help if they wanted to - there's no way to track who is responsible for the attacks, so there's nobody to prosecute for a crime.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;