Anti-Spammers DDoSed Out Of Existence

Anonumous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. Short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"

distributed.net rides again?

[ansak]

Is there a way to use the technology behind distributed.net or SETI@Home for this kind of application?

just wondering...ank

Re:distributed.net rides again?

[ansak]

Yeah. I thought it was restricted to calculation, but perhaps there's something in the way of thinking that got us to distributed.net and SETI@Home that could help us get a distributed RBL (dare I say, "DRBL"?).

How about a DNS name that resolves to one of 20 (50? 100? 1000?) different machines all of which are kept synchronized between themselves with RBL lists. Anyone who asks for RBL information, gets any one of the machines in the cluster. Including the DDOSers. How many machines can they DDOS simultaneously? (that's why I kept cranking up that number in the first parentheses) Not all of them, I hope, but the way to find out is to build up a DRBLnet. There has to be a positive use for all those Linux/BSD boxes attached to DSL and cable lines :).

Then if the RBL-client side is modified so that if it doesn't get a response very quickly it asks again (probably getting a machine that isn't currently being attacked...).

just spouting ideas...ank

Sounds like a good use for Freenet

[Matey-O]

Distributed, hidden, can't tell who registerd the file...freenet could fulfill the 'DDOS tolerant' needs here.

Excellent idea!

[DukeyToo]

Thats actually an *excellent* idea. Not really SETI@Home though, more like peer 2 peer technology.

Why not kill 2 birds with one stone - promote a valid use of p2p, which removes some of the RIAA threat, while simultaneously frustrating spammers.

Good riddance

[PincheGab]

Having been unfortunate enough to be assigned an IP block from a previous spammer and having gone through the subsequent ass-kissing I had to do to a black list maintainer that absolutely refused to remove us from the the list, I say the less blacklists there are, the better.

I'm sorry but some of these list maintainers are anal, (VERY) self-righteous, awful people who will not listen, not even when the person at the other end of the line is polite, patient, and takes a polite and amicable approach to the issue of getting removed from the blacklist (and punches a pillow after the phone calls and emails instead of being rude to the person).

I'm sorry but with the hell I had to go through to get removed (too much unwarranted ass-kissing, too much putting up with the "I'm only a volunteer" crap) I am only glad to see these anal a-holes go.

Monkeys.com

[BrookHarty]

A friend of mine, who has a business class DSL had his ip block blacklisted. Seems someone on the ISP had a trojan and was sending out spam. So monkeys.com blocked the entire ISP. And monkeys.com response, contact your ISP. All the customers where in a deadlock, the ISP didnt know why they where blocked, the customers couldnt get unblocked, so every customer trys to contact Monkeys. The ISP couldnt contact monkeys either, monkeys email queue was full. So the ISP threatens to sue, customers threaten to break kneecaps, and the spammers win.

Really, if RBL's can be tricked to block good ISPs, and you get get the IP blocks removed, its flawed and needs to end service.

BTW, I know many people who are switching to whitelists, and even at work, whitelists for internal mail only cuts spam almost 100%. Even earthlink etc, sell whitelist features as a value added service.

Re:Here's what cracks me up

[chabotc]

Here's a thought..

Suppose that the DDoS zombies used use a internet name instead of IP addresses.. Why not change the DNS for monkeys.com & compunet to a nice NSA or FBI address range

Then sit back and wait for this law-enforcement stuff to finaly kick in

Re:SPEWS RIP?

[squiggleslash]

If I play Russian Roulette, I only have a one in six change of blowing my brains out. I still don't consider it a good idea. I run fairly sophisticated SPAM blocking myself (see my journal) and I'd consider it an absolute failure if it blocked "one in two hundred" legitimate emails. One is too many.

SPEWS ultimately blocks legitimate email. Indeed, it rejoices in doing so, the argument being that if legit email is blocked, its senders will put pressure on their ISP to kick off spammers.

I can't agree with that being a legitimate tactic. It may be a legal tactic, as the idiots who are itching to hit reply with the same old "It's my server, I can do whatever I want" bunk will point out, but it punishes the wrong people. It's a little like local businesses banding together to refuse employment to anyone living under a landlord who hasn't kicked out a local shoplifter. Just as with that case, "It's my business, I can employ whoever I like". Just as with that case, "They can move can't they?" (Er, yeah, but it's rarely as trouble-free as you pretend. Businesses especially, who tend to be the profitable customers of ISPs, are usually locked into contracts and have paid substantial amounts for everything from dedicated lines to domain names. They, the most critical customers of the ISPs, cannot just up stumps and leave.)

SPEWS has that pitchforks and flaming torches thing about it, it's comprised of people too angry and too childish to consider what the consequences of their actions are. My "Due Diligence" with ISPs is such that I'd prefer to do business with one that works with spammers than one that'd arbitrarily block my email. (Right now, I'm fortunate enough not to have to deal with either, but come the day...)

I'm taking my ball and going home

[Champaign]

*WARNING* If you're the type of person that can't handle any critism of the open-source/technical community, even from within, you might want to skip to the next message.

There's a funny thing that's been going through my head for years now which these two closures seems to be a part of.

Technical people don't make good administrators.

Years ago when I was in high school I used to run a BBS (bulletin board service - pre popular internet networks of computers). Every few months a SysOp (System Operator, the people in charge) would have a meltdown, send out a message telling everyone how much he'd (there were no women ;-) suffered, how ungrateful the users were and that he was shutting down to teach everyone a lesson.

Nobody ever learned a lesson, and I never felt the lesson they were trying to teach was particularly valuable.

I'm suspicious that this is a natural weakness of any system that relies on volunteer labour. If people don't have a strong (unfortunately usually economic) incentive to continue something, they're more ready to throw in the towel when the seas get rough.

We've all seen open-source projects die where the maintainer spits bile about no one contributing, no companies offering them cushy jobs where they can work on the project, etc, etc, etc. See the story about the Linux Router Project for an example of this.

As a non-technical example, a friend of mine was a volunteer firefighter and he got into the profession when just about every firefighter in his small town quit and they needed to replace the force. A baby had died at a fire they were fighting, and none of them had been able to deal with it, so they quit. Professional firefighters have all undoubtedly had the experience of someone dieing in a fire they were fighting, but you wouldn't expect their whole department to give up afterwards...

With both of these lists, sure denial of service sucks. Given. When you rovide a service for free you expect acolades, guys buying you beers and women offering you their virginity. Best case, sure. But sometimes things aren't going to go your way and it seems so easy to close up shop, which can really screw people there were relying on you.

If Slashdot started suffering sustained dos attacks, you can be sure that they'd figure out a way to get through it, or just button down the hatches until the attacks end. They're earning their livelihoods from this site, so they aren't going to give up on it easily.

Maybe this is something that we should be upfront about as a community. When a service/product is free (as in speech), future extension/maintenance/existance are never guaranteed, and the only thing you're actually getting of value is whatever is there right now. If the service is something necessary that becomes worthless the instant it stops being maintained (rare, but certainly the case in some instances, such as with these two lists or with things like BBSes), than maybe volunteer labour isn't the way to provide it.

Re:Can't ISPs do something?

[Eggplant62]

How are they doing the DDOS, using PCs infected with a trojan?

Exactly. This is what the Sobig trojan writer was commissioned to do, in my own personal belief. I've read some extensive analysis of what the Sobig trojan and some of the other recent worms that have been crushing the net, and they were explicitly designed to become tools of spammers and denial-of-servicing fleabags.

The sad part is that Ron Guilmette, the fellow who ran monkeys.com, has tried to get law enforcement and the ISP's where the DDoS was coming from interested in this problem and was pretty much rebuffed outright. FBI won't look at it, the ISP's are signing pink contract at double the usual rates at least to keep spammers connected and ignore complaints. No one is interested in helping with this and it's sad.

It's getting more and more like the Wild, Wild West every time I hook up to the 'net anymore. There are people complaining that they don't like the vigilante justice involved with running the DNSBL's. Imagine what your spam load would look like *without* the DNSBL's.

Or imagine the Pandora Project coming to life.