Slashdot Mirror
Anti-Spammers DDoSed Out Of Existence
Anonumous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. Short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"
why cant the goddamn authorities tie in motive with these attacks and go after the spammers who are obviously promoting/funding these attacks?
_+_+__+_+_+_+_+_+_+++
when i moo u moo - just like that
I'm a big advocate for as few (i.e. none) false positives as possible. I consider them way more dangerous than a false negative.... but used in moderation, these services are quite effective in reducting a large number of spam.
Using a spamtrap that using weighted scoring, like SpamAssassin or the like, you can use the data they provide combined with your other heuristics (and whitelists and bayes) to provide a much more accurate view of the overall picture.
--D
A lot, if not the vast majority of infected zombie attackers out there are located in asia pacific. Trying to track down the responsible admin, and then trying to get a response is -near impossible-. Language barriers, general apathy, it's all there. On top of that a lot of hosts in Korea have awesome pipe.
Seriously, people keep bandying about the idea of using freenet for distribution of blackhole lists, but it's probably absolutely THE best solution to the problems we're facing. The ISPs can only do so much, and when the lists are distributed from a central, known source.. well, we've seen the results of this.
I suggest one of us take up the cause of creating this freenet distribution system. It could revolutionize the way trusted data is passed if it works successfully for an RBL. I'd do it myself, but I'm beyond short of time, and brains for that matter :)
Luck favors the prepared, darling.
We've had a succession of Washington suits yakking on about Information Security, and Cyber War and The Great Potential Threat To Our Infrastructure, and yet when DDoS attacks actually happen, what do they do?
You guessed it. Squat.
There's no votes and no budget in actually fighting crime. There's plenty of capital to be made in selling up the threat, and in promising that you'll fix it, given just a little more time in office, and a slightly larger personal empire.
What I'd like to see is our Dictator of Homeland Security pinned down and made to explain why he's not doing something about the attacks that are happening now. If we can't defend monkeys.com from a DDoS from malicious assholes, how does he expect to believe that we're able to defend safety or economic critical infrastructure from the same kind of attack launched by the truly malevolent?
If you were blocking sigs, you wouldn't have to read this.
The internet seems to become more worthless every day, as more and more of it is hijacked by spammers and other commercialization.
How can we take it back? If we can't, how can we replace it with something more resistant to these electronic malignancies?
I want instant communication with friends and colleagues all over the planet, but I don't want UCE. I want instant access to the world's knowledge on all topics, from crucial news to movie trivia, but I want it without viruses, interstitial ads, popups, spyware, and all that other crap.
By using Linux with some other specialized software, I have erected a defensive perimeter around my internet existence, so the tidal wave of garbage largely passes me by. But the walls need maintenance, and there always seems to be some new leak that needs plugging.
It's regrettable that we need to take such drastic measures, but what really worries me is that the need is increasing with time. Can you imagine the situation where 99% of your email is spam? Is there an alternative to giving up email entirely at that point?
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
total lack of interest shown by law enforcement
If a MMORPG gets cracked and the rich owners get inconvenienced for half a day, the FBI flips out and immediately mounts an investigation.
However, these guys are repeatedly DDoS'd and nobody cares.
It would seem that the government only cares about cybercrime when big cash is involved.
The US Army: promoting democracy through unquestioned obedience
This is definetly true.
I myself had a runing with Anti Spam sites. For some bizzare reason the IP of my mail server was listed as a spam server. Which is BS as it's only ever used for personal mail.
It took 5 emails and 3 days to get my server IPs of the list.
It's a real bitch. Your mail bounces, you call the ISP that bounced your mail and they tell you that "such and such list", now you got to go to that list and request a removal. The problem is that many of the lists mirror additions but NOT removals. So you get added to one list and tada you're in 20 and got to remove yourself one by one...
In Soviet Russia, the television watches YOU!
And you would trust this file enough to block email based on it's contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would loose the last level of trust that they currently have...
The argument doesn't hold water - the actions of the DDOS mastermind and the blacklister are not equivalent.
The blacklister provides information to various people who choose, on their own, to say "I do not like what you are doing, Mr. Spammer, and I will not allow you to use MY system to do it."
The DDOSer says "I don't like what you're doing, and I will not allow you to use YOUR system to do it."
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
And you would trust this file enough to block email based on it's contents??? Accountability is the biggest problem with RBLs, and moving it to a completely anonymous system would loose the last level of trust that they currently have...
If you don't trust it, don't use it.
Why is this concept so damn hard for people to understand? These lists are VOLUNTARY. Mail server admins are not forced to use them. They CHOOSE to use them because they are EFFECTIVE.
Your arguement about putting these lists on freenet hold no water. There's no way these files would go online without a PGP signature, and people downloading them would be stupid not to verify that signature. So long as you trust the signer, you're fine. If you don't trust the signer, don't use the file.
The distribution of the files can be completely automated to the point where an automated script can download the file, verify the signature, and load the contents of the file into a locally running DNS server (I'll even be so bold as to suggest rbldns, which comes with the djbdns distribution). The distribution network would be all but impervious to denial of service, since the only way to bring it down would be to DDoS anything running the freenet client.
Funny how people conveniently forget about these little details when it doesn't suit their arguement...
Not to be overly-dramatic, but when it happens to you it's a nightmare and one of the blackest pits you can imagine.
:), and installing such watchdogs and filters as I could. I cultivated good relations with the folks who supported the server. I did all I could, short of purchasing a server for myself, which I could never have afforded.
Think of spending all your time, energy, heart and soul developing a business (or organization), providing for it, gaining credibility and referrals, making a name and niche for yourself, however small. Imagine you're attempting to support and educate a family via that business.
Now imagine it all wiped away with no thought at all by anonymous monsters of greed.
That's precisely what happened to me. I'm actually not illiterate. I exercised care in building my site, selecting a host for it, making sure it ran Linux
Then I made the mistake of becoming ill. Over Christmas I spent six days in the hospital, and when I came home, a corresponding several days downstairs. They struck during that time. I returned to hundreds and hundreds of bounced messages, angry complaints, bitch-outs, whatever.
A call to the tech support people actually put a stop to the whole thing rather quickly. The spammers were using Sprint, and apparently Sprint lacks tolerance for these issues. I wrote to each and every person who'd bitched, swallowed my pride and explained who I was and what had happened. Some wrote back.
On the practical side, I have now a trusted friend who will look after things for me if I ever become ill again, and I will do the same for him. In fact the two of us may lease a server from a reputable company. That's a huge cost, but it may well be worth it.
On the emotional or impractical side, even eight months later I have an enormous amount of anger. Anger is often un-helpful, but I entertain visions of finding ways to inujure these people (not physically or by violence, but in their ability to do this). I visualize them financially ruined, humiliated in public, hounded out of their neighborhoods. I visualize attacks on their servers. That's all quite counterproductive. In order to deal with the anger part, I spend my spare time writing a novel in which a spammer is murdered. It's not half bad.
Regards,
Anne
DUCT TAPE: The Election Supervisors' Secret Weapon
Sorry to interrupt your rant, but...
Does anyone know if law enforcement was even CONTACTED?
As a state prosecutor, I can charge DDoSers with felonies, but I need to be able to track them down, and I need a victim to report the crime.
It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.
The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.
And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.
And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.
Nice going.
It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.
Proletariat of the world, unite to kill spammers
In Soviet Russia, I ruled you
Well, the problem here is again one of trust. In many ways, an untrusted P2P spam blocklist would be easier to invalidate...all spammers have to do is access the P2P net and start spewing out BS and the whole list becomes worthless.
And then there's the nuisance factor...script kiddies chucking up their enemys' domains as spammers, adding aol.com, etc.
In order to establish trust, you'd have to have one of two things: 1) a trust authenticator, which is a central organization which can be shut down using DDOS and invalidated or 2) a web of trust, requiring admins to opt in to certain zone administrators' records, which would take quite a bit of time and would be very fallible.
Neither is that great an idea.
What IS a good idea is a distributed network of blocklists not like Kazaa, but like an IRC network or DNS. Trusted submitters are given powers like unto moderators to push information to a core set of servers, from which other servers pull their spam blocklists.
We could do this now, using the server mirroring system that already exists for things like Linux kernels. Hell, we could even maintain versioning, to back off mistakenly blacklisted domains.
Of course, the best idea will always be not to publish your email address and to guard it like a hawk. I get maybe 5 spam emails per day and that doesn't bother me at all.
Hey freaks: now you're ju
Apparently Ron is abandoning both but there were two related anti-spam things he did. One was to maintain a blocklist for open proxies. The other was to run a network of proxypots and to use these to discover the IP addresses from which proxy abuse originated. He trapped a lot of spam with those, as well.
Ron made periodic posts to news.admin.net-abuse.email in which he listed the top 40 proxy abuse-source IPs. He also contacted the ISPs from which the abuse originated and was successful in getting many of these to boot the spammers (which is a big reason spammers wanted to put him out of business, it would seem.)
Ron was making real and substantial progress toward ridding the net of spam - even if you never heard of him he was helping you, and the help I speak of had none of the flaws of blocklists.
Spammers look about everywhere on the net, seeking abusable open proxies. That means proxypots will succeed almost anywhere on the net. Just about anyone can help identify spammer IPs and get the spammers thrown off their ISPs. Ron's Top 40 list was a nice bonus and it helped show which ISPs were responsive and which protected spammers. Similar information from a single site (yours, if you'd do it) would be also have great value.
I'd direct you to the Bubblegum proxypot web page but that, too, seems to be down. There's still something you can do even if you don't run a proxypot. If you have a software firewall on your system you can find the log entries for rejected proxy connection attempts. Chances are great that those were made by a spammer. Report the attempt to the appropriate ISP. I'd also suggest letting your ISP know: if spammers are looking in your ISP's space for abusable proxies the ISP can take protective actions. Your ISP also may have greater clout with the spammer's ISP - at least it's worth a shot.