Anti-Spammers DDoSed Out Of Existence
Anonumous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. A short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"
Is there a way to use the technology behind distributed.net or SETI@Home for this kind of application?
just wondering...ank
Still hoping for Gentle Treatment...
Distributed, hidden, can't tell who registered the file... Freenet could fulfill the 'DDOS tolerant' needs here.
"Draco dormiens nunquam titillandus."
From Article II: "A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed."
Are we now supposed to "take up arms" against the SPAMmers ourselves?
William
When you're not looking, this sig is in Latin.
That's actually an *excellent* idea. Not really SETI@Home though, more like peer-to-peer technology.
Why not kill 2 birds with one stone - promote a valid use of p2p, which removes some of the RIAA threat, while simultaneously frustrating spammers.
Most writers regard truth as their most valuable possession, and therefore are most economical in its use - Mark Twain
I think the bottom-line failure in the "War on Spam" is that there's no central "root of trust" authority in the e-mail system... that is, no sanctioning body regulating the use of e-mail in the way that we can have regulations about use of the PSTN that actually stick.
What I think is going to need to happen eventually is that e-mail is going to have to become a closed system where ISPs have to pay to gain admission and risk ejection if they fail to control the spam or other abuses coming out from their sources.
The fact is, any time you have an open unregulated communication system, the lowlifes are gonna be the ones who take it over...
I'm sorry but some of these list maintainers are anal, (VERY) self-righteous, awful people who will not listen, not even when the person at the other end of the line is polite, patient, and takes a polite and amicable approach to the issue of getting removed from the blacklist (and punches a pillow after the phone calls and emails instead of being rude to the person).
I'm sorry but with the hell I had to go through to get removed (too much unwarranted ass-kissing, too much putting up with the "I'm only a volunteer" crap) I am only glad to see these anal a-holes go.
OK, IANAL, but I have an idea that's so crazy it just might work.
Instead of outlawing spamming, outlaw the purchase of products advertised with spam.
You could enforce this in a similar way to recent online gambling regulations that prohibit credit card companies from honoring transactions for online gambling. So if you sell your products using spam, you can't collect on the payment.
Also, you solve the jurisdiction problem of outlawing spamming. Instead of just moving the spammers out of the country, you now discourage spammers from ever sending spam into the country because it would then become illegal for anyone to purchase their products.
And finally, it would discourage the 0.001% of people who are idiotic enough to respond to this crap. "You'll go to jail if you buy this." is just the kind of simplistic message that would get through to these people. When spammers stop getting replies, they won't have anyone to sell their service to.
This is just an idea, so I'm sure there's a few problems with it. But maybe in order to combat spam, we need to stop trying to go after the spammers and start trying to just make it unprofitable for them to operate in the first place.
A friend of mine, who has a business class DSL, had his IP block blacklisted. Seems someone on the ISP had a trojan and was sending out spam. So monkeys.com blocked the entire ISP. And monkeys.com's response: contact your ISP. All the customers were in a deadlock, the ISP didn't know why they were blocked, the customers couldn't get unblocked, so every customer tries to contact Monkeys. The ISP couldn't contact monkeys either, monkeys' email queue was full. So the ISP threatens to sue, customers threaten to break kneecaps, and the spammers win.
Really, if RBLs can be tricked to block good ISPs, and you can't get the IP blocks removed, it's flawed and needs to end service.
BTW, I know many people who are switching to whitelists, and even at work, whitelists for internal mail only cuts spam almost 100%. Even earthlink etc, sell whitelist features as a value added service.
These anti-spam lists were notorious for ruining the good names of ISP's who went thru the trouble of eliminating spammers from their ranks only to continue to be listed on these lists.
They couldn't run the damn things right, its probably disgruntled ISP's and not spammers who are DoS'ing them right now. And rightly so.
Mac OS X and Windows XP working side by side to fight back the night.
Dude! I think you're on to a really good idea here!
Why not create some form of public repository to display IP's currently being used in Zombie-based DDOS attacks?
If anyone wants to help me form something more concrete, my gibberished email address should be displayed above.
How about contacting SANS or maybe Security Focus? (Would this work best as a mailing list perhaps?)
I want to burn down churches too, but I don't see black lists as a great evil.
Yes they suck. Yes they're overkill. Yes removing your IPs is a bitch (been there, done that). But I don't see them as the "bad" guys.
They may be the overzealous, crazed, fanatical lunatics, but they're still more "good" than "bad". At least they harbor some good intentions.
The spammers, on the other hand, are more sinister than the devil as far as I'm concerned.
As far as the church vs. adult store comparison:
The difference is that there are some people who actually LIKE having an adult store while NOBODY likes spam.
In Soviet Russia, the television watches YOU!
Here's a thought..
Suppose that the DDoS zombies used an internet name instead of IP addresses. Why not change the DNS for monkeys.com & compunet to a nice NSA or FBI address range?
Then sit back and wait for this law-enforcement stuff to finally kick in.
I presume your ISP was harboring spammers. That's assuming you are not a spammer. ISPs that harbor spammers do get a chance to terminate them (unless it is a well known spam gang). If they don't, it's probably because the ISP needs a financial incentive to do so. SPEWS provides that. All customers of such ISPs are indirectly supporting the harbored spammers when they pay their ISP bill.
You don't have to use SPEWS if you don't want to. The opportunity to know and understand how SPEWS works, so those who do choose to use it, should read and understand what it means. If blocking ISPs that harbor spammers is not what you want to do, then don't use SPEWS. No one is twisting your arm.
SPEWS has been responsible for getting quite many spammers, who would not otherwise have been by other DNSBLs, kicked off their ISPs, and their spamming abuse activities stopped or reduced for a while. And this is what has pissed off a lot of spammers.
Of course, a lot of customers of the listed ISPs never tried to understand, and assumed they were being accused of being a spammer. What they should have done is pressured their ISP to remove the spammer(s).
now we need to go OSS in diesel cars
Have the blacklist service, still provided by volunteers, hosted by some company, along with their own sites.
Like Yahoo. Google. MS. IBM. You know, BIG companies.
Spammers try to DDoS the company webserver. They probably won't succeed. If they do succeed, or even succeed a little, guess what, you just caused verifiable revenue loss to a company with long arms and deep pockets!
Come on, you "we hate spam, too!" companies! Here's your chance to help out.
Unfortunately the spammers will always win. It is WE (collectively not individually) who are responsible for the proliferation of spam. Spammers are in business to make money and if all those blithering idiots out there who actually RESPOND (i.e. who buy the crap the spammers are selling) would stop, the spam would simply go away because it would no longer be profitable. STOP BUYING THE SHIT THE SPAMMERS SELL. If you simply MUST have the product or service they offer, just go DIRECTLY to the supplier of the product or service. Cut out the middle man and he/she WILL go away.
Paranoia was conceived to make you feel that your reasonable suspicions are unreasonable and unwarranted.
For the time being, why not resurrect gopher, archie and implement a new IPv6 and a new trusted mail system (or even UUCP *icky!*), and just not tell anyone about it?
We're the geeks who run the mail servers. Who is to know if their MTA is changed, so long as users get their mail, they won't notice.
"History doesn't repeat itself, but it does rhyme." Mark Twain
Would it be possible for the zones themselves to be distributed via rsync? Mirrors could be provided, and scripts could be set up easily to handle multiple zones from different 'lists' -- the problem I see here is that the zones would be available to ANYBODY (including spammers) -- However, they are now, just with a lot more work involved.
Something to think about... Performing a:
rmerge sync
rmerge dsbl/monkeys.com
would be neat, and would not rely on any external DNS server, as the zones would be locally hosted.
Running the above from crond every 5 hours, etc. would keep the list fresh.
Forum Foundry, Inc.
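Added example, not code from this thread or from any of the lists it discusses: what a locally hosted zone lookup looks like once a mirror has been synced. The assumptions are mine: the zone is distributed as an rbldnsd-style "ip4set" text file (a ":A:TXT" line sets the default listing value, then one host, CIDR block or "!"-prefixed exclusion per line, optionally followed by its own ":A:TXT"), and the mail server consults the local copy directly, so no DNS query ever leaves the box. The zone text is constructed for the example and uses documentation address ranges only.

```python
"""Local DNSBL zone lookup against a synced rbldnsd-style ip4set file.

Added example; the zone contents below are constructed, not a real list.
"""
import ipaddress

# Constructed sample zone. Format (assumption: simplified rbldnsd ip4set):
#   ":A:TXT"          default A record / TXT reason for later entries
#   "a.b.c.d"         single listed host
#   "a.b.c.0/24"      listed CIDR block
#   "!a.b.c.d"        exclusion: never listed, even inside a listed block
#   "a.b.c.d :A:TXT"  host with its own A value and reason
SAMPLE_ZONE = """\
# constructed sample, not a real list
:127.0.0.2:Listed as a spam source
192.0.2.7
203.0.113.0/24
!203.0.113.5
198.51.100.9 :127.0.0.3:Open relay
"""


def parse_ip4set(text):
    """Return a list of (network, excluded, a_value, txt) tuples."""
    entries = []
    default = ("127.0.0.2", "Listed")
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith(":"):
            # ":A:TXT" redefines the default value for everything that follows
            _, a_value, txt = line.split(":", 2)
            default = (a_value, txt)
            continue
        excluded = line.startswith("!")
        parts = line.lstrip("!").split(None, 1)
        net = ipaddress.ip_network(parts[0], strict=False)
        if len(parts) == 2 and parts[1].startswith(":"):
            _, a_value, txt = parts[1].split(":", 2)
            entries.append((net, excluded, a_value, txt))
        else:
            entries.append((net, excluded, default[0], default[1]))
    return entries


def lookup(entries, ip):
    """Return (A value, TXT reason) if ip is listed, else None.

    An exclusion entry wins outright; otherwise the most specific
    matching prefix decides, so a /32 inside a /24 keeps its own reason.
    """
    addr = ipaddress.ip_address(ip)
    best = None
    for net, excluded, a_value, txt in entries:
        if addr not in net:
            continue
        if excluded:
            return None
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, a_value, txt)
    return None if best is None else (best[1], best[2])


def reverse_octets(ip):
    """The label a mail server would query: 7.2.0.192.<zone> for 192.0.2.7."""
    return ".".join(reversed(ip.split(".")))


if __name__ == "__main__":
    zone = parse_ip4set(SAMPLE_ZONE)
    for candidate in ("192.0.2.7", "203.0.113.200", "203.0.113.5", "198.51.100.9", "198.51.100.10"):
        print(reverse_octets(candidate), "->", lookup(zone, candidate))
```

Because the whole zone sits on disk, a check at SMTP time is a local read rather than a DNS round trip, which is exactly what makes the lookup immune to the list's nameservers being flooded; what it does not solve is how a mirror decides that the copy it just pulled is genuine.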
SPEWS ultimately blocks legitimate email. Indeed, it rejoices in doing so, the argument being that if legit email is blocked, its senders will put pressure on their ISP to kick off spammers.
I can't agree with that being a legitimate tactic. It may be a legal tactic, as the idiots who are itching to hit reply with the same old "It's my server, I can do whatever I want" bunk will point out, but it punishes the wrong people. It's a little like local businesses banding together to refuse employment to anyone living under a landlord who hasn't kicked out a local shoplifter. Just as with that case, "It's my business, I can employ whoever I like". Just as with that case, "They can move can't they?" (Er, yeah, but it's rarely as trouble-free as you pretend. Businesses especially, who tend to be the profitable customers of ISPs, are usually locked into contracts and have paid substantial amounts for everything from dedicated lines to domain names. They, the most critical customers of the ISPs, cannot just up stumps and leave.)
SPEWS has that pitchforks and flaming torches thing about it, it's comprised of people too angry and too childish to consider what the consequences of their actions are. My "Due Diligence" with ISPs is such that I'd prefer to do business with one that works with spammers than one that'd arbitrarily block my email. (Right now, I'm fortunate enough not to have to deal with either, but come the day...)
You are not alone. This is not normal. None of this is normal.
*WARNING* If you're the type of person that can't handle any criticism of the open-source/technical community, even from within, you might want to skip to the next message.
There's a funny thing that's been going through my head for years now which these two closures seem to be a part of.
Technical people don't make good administrators.
Years ago when I was in high school I used to run a BBS (bulletin board service - pre popular internet networks of computers). Every few months a SysOp (System Operator, the people in charge) would have a meltdown, send out a message telling everyone how much he'd (there were no women ;-) suffered, how ungrateful the users were and that he was shutting down to teach everyone a lesson.
Nobody ever learned a lesson, and I never felt the lesson they were trying to teach was particularly valuable.
I'm suspicious that this is a natural weakness of any system that relies on volunteer labour. If people don't have a strong (unfortunately usually economic) incentive to continue something, they're more ready to throw in the towel when the seas get rough.
We've all seen open-source projects die where the maintainer spits bile about no one contributing, no companies offering them cushy jobs where they can work on the project, etc, etc, etc. See the story about the Linux Router Project for an example of this.
As a non-technical example, a friend of mine was a volunteer firefighter and he got into the profession when just about every firefighter in his small town quit and they needed to replace the force. A baby had died at a fire they were fighting, and none of them had been able to deal with it, so they quit. Professional firefighters have all undoubtedly had the experience of someone dying in a fire they were fighting, but you wouldn't expect their whole department to give up afterwards...
With both of these lists, sure, denial of service sucks. Given. When you provide a service for free you expect accolades, guys buying you beers and women offering you their virginity. Best case, sure. But sometimes things aren't going to go your way and it seems so easy to close up shop, which can really screw people who were relying on you.
If Slashdot started suffering sustained dos attacks, you can be sure that they'd figure out a way to get through it, or just button down the hatches until the attacks end. They're earning their livelihoods from this site, so they aren't going to give up on it easily.
Maybe this is something that we should be upfront about as a community. When a service/product is free (as in speech), future extension/maintenance/existence are never guaranteed, and the only thing you're actually getting of value is whatever is there right now. If the service is something necessary that becomes worthless the instant it stops being maintained (rare, but certainly the case in some instances, such as with these two lists or with things like BBSes), then maybe volunteer labour isn't the way to provide it.
Exactly. This is what the Sobig trojan writer was commissioned to do, in my own personal belief. I've read some extensive analysis of what the Sobig trojan and some of the other recent worms that have been crushing the net, and they were explicitly designed to become tools of spammers and denial-of-servicing fleabags.
The sad part is that Ron Guilmette, the fellow who ran monkeys.com, has tried to get law enforcement and the ISPs where the DDoS was coming from interested in this problem and was pretty much rebuffed outright. The FBI won't look at it, the ISPs are signing pink contracts at double the usual rates at least to keep spammers connected and ignore complaints. No one is interested in helping with this and it's sad.
It's getting more and more like the Wild, Wild West every time I hook up to the 'net anymore. There are people complaining that they don't like the vigilante justice involved with running the DNSBL's. Imagine what your spam load would look like *without* the DNSBL's.
Or imagine the Pandora Project coming to life.
For example, how about getting RMX (Reverse MX lookups) working. A lot of RBLs are error prone. A distributed RBL would either not really be distributed (i.e. a central 'committee' that decides who's on the list and lots of mirrors), or a disaster (i.e. anyone on the net can block people). I'm not saying it couldn't be done, just that it would take a Herculean effort to prop up a technology that a lot of people think causes more harm than good.
:P. Older entries would automatically lose 'weight' so that people who change their ways can send email again. People who send in bizarre reports would have those reports weighed lightly.
The ideal (in my mind) anti-spam 'tool chain' would be RMX and Bayesian filtering along with per-user whitelisting for messages that are flagged by those systems. A per-domain blacklist of "sites that vouch for spam via RMX" could be created and done on a somewhat distributed system, rather than an IP based system.
Anyway, here's how I would design a distributed blacklist type system. First of all, it would be based on RMX rather than IP space. That way people who are forced to share IP space with spammers don't get screwed. Users of the system could flag mail as 'legitimate' or they could flag it as 'spam'; legit email is sent in only as a counter, and actual spam is forwarded to a central system. Unlike Kazaa or whatever, we wouldn't need to worry about getting shut down by the RIAA, so some centralization is OK.
No one person would decide what to 'blacklist' rather, simple counts of spam/non-spam could be retrieved by users. People running mail servers could see the Spam that they supposedly sent and, erm, repent
How do you prevent DDoS? Well, honestly I think the best solution would be to have users pay a small fee going towards hosting on something like Akamai. That would be a lot simpler than trying to set up and manage the security of a distributed redistribution system.
We might also have an identity verification system to prevent spammers from faking thousands of accounts to fuck up the averages.
autopr0n is like, down and stuff.
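Added example, written by me rather than by the poster above, of the scoring core such a design needs: per-domain spam/ham counters where every report is weighted by the reporter's credibility and decays with age, so a domain that stops spamming drifts back toward usable and a burst of reports from unverified identities moves nothing. Assumptions are mine: the key is the sender domain an RMX-style check vouched for (the RMX lookup itself is not implemented here), credibility is a number in [0, 1] per reporter that the identity-verification step would assign, decay is exponential with a 14-day half-life, and the reports below are constructed.

```python
"""Decay-weighted sender-domain reputation from spam/ham reports.

Added example with constructed data; not the design from the thread itself.
"""
from collections import defaultdict

DAY = 86400.0
HALF_LIFE_DAYS = 14.0  # assumption: a report loses half its weight every two weeks


def decay(age_seconds, half_life_days=HALF_LIFE_DAYS):
    """Weight multiplier: 1.0 for a fresh report, 0.5 after one half-life."""
    return 0.5 ** (age_seconds / (half_life_days * DAY))


def score(reports, now, credibility, half_life_days=HALF_LIFE_DAYS):
    """Aggregate (domain, verdict, timestamp, reporter) into per-domain totals.

    Returns {domain: (spam_weight, ham_weight, ratio)} where ratio is
    spam / (spam + ham), or None when no credible weight exists at all.
    Reporters missing from `credibility` count with weight 0, so faking
    thousands of unverified accounts cannot move the average.
    """
    totals = defaultdict(lambda: [0.0, 0.0])
    for domain, verdict, ts, reporter in reports:
        weight = credibility.get(reporter, 0.0) * decay(now - ts, half_life_days)
        if verdict == "spam":
            totals[domain][0] += weight
        elif verdict == "ham":
            totals[domain][1] += weight
        else:
            raise ValueError("verdict must be 'spam' or 'ham'")
    result = {}
    for domain, (spam, ham) in totals.items():
        ratio = spam / (spam + ham) if (spam + ham) > 0 else None
        result[domain] = (spam, ham, ratio)
    return result


def should_block(scores, domain, threshold=0.8, min_weight=1.0):
    """Block only when enough credible, recent weight says spam.

    min_weight stops a single fresh report from blocking a domain;
    threshold keeps a domain with a healthy ham stream deliverable.
    """
    spam, ham, ratio = scores.get(domain, (0.0, 0.0, None))
    return ratio is not None and (spam + ham) >= min_weight and ratio >= threshold


# Constructed input: two verified mail servers report, plus two throwaway
# identities that try to poison the list.
NOW = 1_100_000_000.0
CREDIBILITY = {"mx1.example": 1.0, "mx2.example": 0.8}
REPORTS = [
    ("bulkmail.example", "spam", NOW - 1 * DAY, "mx1.example"),
    ("bulkmail.example", "spam", NOW - 2 * DAY, "mx2.example"),
    ("bulkmail.example", "ham", NOW - 60 * DAY, "mx1.example"),   # old, mostly decayed
    ("reformed.example", "spam", NOW - 90 * DAY, "mx1.example"),  # ancient spam report
    ("reformed.example", "ham", NOW - 1 * DAY, "mx2.example"),    # recent clean traffic
    ("victim.example", "spam", NOW, "sock1"),                     # unverified reporters
    ("victim.example", "spam", NOW, "sock2"),
]


def demo():
    scores = score(REPORTS, NOW, CREDIBILITY)
    return {d: should_block(scores, d) for d in scores}


if __name__ == "__main__":
    for domain, (spam, ham, ratio) in score(REPORTS, NOW, CREDIBILITY).items():
        print(f"{domain:20s} spam={spam:.3f} ham={ham:.3f} ratio={ratio}")
    print(demo())
```

With these numbers bulkmail.example is blocked, reformed.example is not (its only spam report is six half-lives old), and victim.example stays at zero weight because neither sock puppet has any credibility. The half-life and threshold are the knobs a list operator would tune; nothing here is a substitute for the identity step that decides who gets credibility in the first place.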
"And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue."
Uh, No.
RoadRunner here in Austin is now blocking spoofed packets, I'm sure they aren't the only one.
Most big name bandwidth providers are now rate limiting icmp.
Before anyone cries about this not being enough, I never said it was, I'm just arguing that they are doing something.
I'd rather they do too little than too much, and everyone here (slashdot, specifically your rights online section) should feel the same way. Which would you rather have, DDoS kiddies or every ISP limiting you to port 80 connections that aren't allowed to stay open longer than a minute and no more than 5 connections/min allowed?
Give us the choice and let the few abuse it and the many enjoy it.
Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
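Added example, mine and not the poster's, of the two measures named above in working form: source-address (BCP38-style) egress filtering and ICMP rate limiting with a token bucket. Assumptions: the access network hands its customers 192.0.2.0/24, so any packet heading upstream with a source outside that prefix is spoofed and dropped, ICMP is capped at a few packets per second with a small burst, and the packets are constructed (timestamp, source, protocol) tuples rather than real traffic.

```python
"""Egress anti-spoofing filter plus ICMP token-bucket rate limit.

Added example with constructed packets; the prefix and rates are assumptions.
"""
import ipaddress

# Assumption: this is the only prefix legitimately sourced by the customer side.
CUSTOMER_PREFIX = ipaddress.ip_network("192.0.2.0/24")


class TokenBucket:
    """`rate` tokens per second, holding at most `burst`; consume() is False when empty."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)
        self.last = 0.0

    def consume(self, now, cost=1.0):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


def is_spoofed(src):
    """BCP38 check: a customer-side packet must carry a customer-side source."""
    return ipaddress.ip_address(src) not in CUSTOMER_PREFIX


def filter_egress(packets, icmp_pps=2, icmp_burst=3):
    """Apply both rules to (timestamp, src, proto) tuples in time order.

    Returns (accepted, dropped); each dropped entry carries the reason,
    which is what you would want in the log when a customer calls.
    """
    bucket = TokenBucket(icmp_pps, icmp_burst)
    accepted, dropped = [], []
    for ts, src, proto in packets:
        if is_spoofed(src):
            dropped.append((ts, src, proto, "spoofed-source"))
        elif proto == "icmp" and not bucket.consume(ts):
            dropped.append((ts, src, proto, "icmp-rate-limit"))
        else:
            accepted.append((ts, src, proto))
    return accepted, dropped


# Constructed traffic: one honest TCP packet, one zombie forging a source
# from another network, then an ICMP burst that overruns the bucket.
SAMPLE_PACKETS = [
    (0.0, "192.0.2.10", "tcp"),
    (0.0, "203.0.113.9", "tcp"),   # forged source, not ours to send
    (0.1, "192.0.2.10", "icmp"),
    (0.2, "192.0.2.10", "icmp"),
    (0.3, "192.0.2.10", "icmp"),
    (0.4, "192.0.2.10", "icmp"),   # bucket empty by now
    (1.5, "192.0.2.10", "icmp"),   # refilled enough to pass again
]

if __name__ == "__main__":
    ok, bad = filter_egress(SAMPLE_PACKETS)
    print("accepted:", len(ok))
    for entry in bad:
        print("dropped:", entry)
```

The spoof rule is the one that actually starves reflected and forged-source floods, and it costs the provider nothing in customer functionality; the ICMP cap is the blunter tool the post refers to, and the bucket parameters are where "too little" versus "too much" gets decided.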
The internet seems to become more worthless every day, as more and more of it is hijacked by spammers and other commercialization.
While I agree about the effect spamming has had on the Internet, I cannot disagree more about commercialization. Many sites, including Slashdot, could not exist without advertising.
For that matter, do you think access fees cover the cost of the backbone? If the entire Internet were paid for by access fees, everyone's connection would easily cost double or triple what it does now.
Then there's the issue of content. Try to imagine an Internet absent any content contributed by people paid to do so. Sites that provide news, for example, have to pay for servers, admins, bandwidth, and of course news. If they couldn't sell ad space to recoup some of the costs, they wouldn't be there.
I think the Internet is actually getting better rather than worse. It just takes a long term perspective to see it. Before HTTP, my primary source for information was Usenet. Usenet was, and is still, a mess. People could come running into any conversation and stick their "ads" in your face, not paying anyone to do it. On top of that nuisance, the information started lasting less and less time, because warez content started choking off available space on servers.
Also at that time, email was nearly completely unprotected from spam. I remember hand writing rules for Sendmail to prevent relaying and forwarding a copy to Eric (as well as every admin we got spam from). Before that, servers were wide open to relaying. The idea that people would use non-local mail servers to route mail just wasn't considered in the original design.
Now, we have choices. Information is significantly more persistent and widely available than it was on Usenet. When you participate in online discussions, you can find sites like Slashdot where the noise can be filtered out.
Spam in email is still a problem, but tools exist. Imagine every mail server being a wide-open relay, no bayesian filtering, and no blocklists.
We have tools, now, to make the experience tolerable if not enjoyable. Believe me when I tell you this is better than it was. The necessity to rise above the crap spewed onto the 'net by spammers and the generally unclued has led to the invention of better and better tools and will continue to do so.
Some people have a way with words, and some people, um, thingy.
we need more spam. i think all operators should shut down their lists even temporarily to show everyone what happens (even themselves). either no one will notice a difference or everything will shut down.
there has been no control in the experiment. no real idea of whether it works. if anything it makes more money for the talented spammers, because they can send out more spam.
The only solution is all out war!
The problem is that spammers have a significant financial motivation to act in the ways that they do.
Spam fighters, on the other hand, are fighting back and providing services mostly out of the goodness of their hearts. (Check me if I'm wrong, but i've never seen an article on the lavish lifestyles built by opposing spam.) This means that unless we can come up with an *unbreakable* technological solution the spammers will always win the war: they have a financial motivation to fight harder than we do.
The solutions I've heard proposed sound more like problems than solutions: central governing bodies, a regulated internet, pay-per-email, etc all make my crypto-libertarian instincts nervous. If we don't want our commons taken away, we have to defend it ourselves!
So how can we win against an enemy with superior motivation? We need to take away their motivation! We can't ever win by fighting the spammers, so lets start fighting the people funding them!
We need to (legally) DOS the resources of those who are benefitting from spam. This is going to require maturity and restraint in the heat of battle, but if we attack the wrong people, we will be no better than the spammers. Let me propose the following:
Benefits and prerequisites... :) This is where it is key to have a high profile, trusted and respected figurehead. If Joe Blow organises this on his DSL line, his access gets cut off and the feds disapprove. If an innocent party is wronged then he probably goes to jail. If, on the other hand, ESR organises it, public opinion on the net will massively oppose federal pressure against him and commercial pressure (i.e. his access being cut off) is much less likely.
Speed is of the essence. Attack must respond to take down target before any profit is made. Scale is important as well. Volume of traffic must decimate servers even on fat pipes (or at least cause high bandwidth $$$ usage). It might even be possible to DOS 1-800 numbers if every subscriber was willing to place a call and complain.
Would all this be illegal? Certainly as a whole the intent is to DOS the target and therefore is illegal. I could even imagine RICO coming into play (this is after all an organized conspiracy to commit a crime). However the actions of those subscribing to the service are not illegal (IANAL, someone else comment). After all, I (as subscriber) am just saving a highly recommended commercial resource for later perusal!
I realise that there is lots of hand waving going on here. But I firmly feel that this may be an instance to fight fire with fire, fight outlaws with vigilante justice, etc. We need to claim our space for our productive use and not for other's pollution and decimation. Fighting spammers directly is like "fighting terrorism". Attacking those who provide the incentive is like taking the battle to host countries of terrorism; a much more likely strategy.
http://metapundit.net
I'm kinda wondering, if I, as a lowly cable modem user, can easily identify hundreds (if not thousands, I haven't completely gone through my firewall logs) of zombies on the same netblock I'm on (68.0.0.0/8).
But the ISPs on that netblock (Cox, Charter, Bellsouth, Adelphia, Verizon, et al.) can not.
You should see my firewall logs...day after day, the same IPs from the same ISPs are hammering me. It is CLEAR nothing's being done.
Proletariat of the world, unite to kill spammers
In Soviet Russia, I ruled you
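Added example, not the poster's own script, of the triage a cable-modem user can run over exactly this kind of firewall log: pull the source address and destination port out of each netfilter "kernel:" line, count how many distinct days each source has hit you, and group the repeat offenders by provider so the result is one abuse report per network rather than a pile of raw lines. Assumptions are mine: the log lines below are constructed in the iptables LOG format with documentation addresses, and the prefix-to-provider map is a placeholder for what you would look up in WHOIS.

```python
"""Repeat-offender triage over iptables LOG lines.

Added example; log lines and provider map are constructed, not real data.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample in netfilter LOG style (fields trimmed to the ones used).
SAMPLE_LOG = """\
Aug 20 03:14:11 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=3072 DPT=135 SYN
Aug 20 03:14:20 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=3073 DPT=445 SYN
Aug 21 11:02:03 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=4112 DPT=135 SYN
Aug 22 09:45:58 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=1901 DPT=135 SYN
Aug 20 05:00:00 gw kernel: IN=eth0 OUT= SRC=198.51.100.33 DST=192.0.2.1 PROTO=TCP SPT=2001 DPT=135 SYN
Aug 21 05:00:00 gw kernel: IN=eth0 OUT= SRC=198.51.100.33 DST=192.0.2.1 PROTO=TCP SPT=2002 DPT=135 SYN
Aug 21 12:00:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=50000 DPT=80 SYN
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>[\d:]{8}) .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)"
)

# Assumption: placeholder for WHOIS results; maps netblocks to the party to notify.
PROVIDERS = {
    ipaddress.ip_network("192.0.2.0/24"): "provider-a",
    ipaddress.ip_network("198.51.100.0/24"): "provider-b",
}


def parse_log(text):
    """Yield (day, src, dport) for every line that matches the LOG format."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield f"{m['mon']} {m['day']}", m["src"], int(m["dpt"])


def provider_of(src):
    addr = ipaddress.ip_address(src)
    for net, name in PROVIDERS.items():
        if addr in net:
            return name
    return "unknown"


def triage(text, min_days=2):
    """Flag sources seen on at least `min_days` distinct days.

    A one-off probe is noise; the same host knocking day after day is the
    'nothing's being done' signature the log owner is complaining about.
    """
    per_src = defaultdict(lambda: {"days": set(), "hits": 0, "ports": set()})
    for day, src, dport in parse_log(text):
        rec = per_src[src]
        rec["days"].add(day)
        rec["hits"] += 1
        rec["ports"].add(dport)
    flagged = []
    for src, rec in per_src.items():
        if len(rec["days"]) >= min_days:
            flagged.append({
                "src": src,
                "provider": provider_of(src),
                "days": len(rec["days"]),
                "hits": rec["hits"],
                "ports": sorted(rec["ports"]),
            })
    flagged.sort(key=lambda r: (-r["days"], -r["hits"], r["src"]))
    return flagged


def abuse_summary(flagged):
    """Group flagged hosts by provider: one list per abuse@ mailbox."""
    grouped = defaultdict(list)
    for r in flagged:
        grouped[r["provider"]].append(r["src"])
    return dict(grouped)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for r in report:
        print(r)
    print(abuse_summary(report))
```

Ports 135 and 445 from a residential address hitting you on three separate days is the classic worm-infected host pattern; port 80 once from a third network is not worth anyone's time, and the `min_days` cutoff is what keeps it out of the report.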
The FBI/etc wouldn't know how the attacking host resolved the address, they would simply see DoS packets from the attacking host.
True, at least at first. But it wouldn't take them long to work it out.
A better solution, IMHO, would be to transfer the domain name to someone outside of the US, who he trusts, and let them point it to the FBI or something.