Slashdot Mirror


Lycos Declares War on Spam Servers

Psychotext writes "The Register have posted a story about a new screensaver from Lycos that targets known spam servers (taken from spamcop and verified by hand) with traffic in order to raise their bandwidth costs and hopefully price them out of the game. Lycos state that this is not a DDOS as Lycos monitors the site's responsiveness and throttles back when the site starts to falter. The screensaver is available here for Mac OSX, Mac OS9 and Windows, though you might need to lie about what country you are from." Reader JohnGrahamCumming writes "As part of preparing for the MIT Spam Conference I've put together a survey on what people are experiencing out there with spam, what they are doing about it, and followed it up with a test of different views of an inbox filled with spam and ham. You can take the test and be part of the survey results in January."

7 of 567 comments

  1. This is NOT A DDOS!! by Eric(b0mb)Dennis · · Score: 5, Interesting

    I like how they state, even though this screensaver overwhelms the server with requests, and can come from many different sources, IT IS NOT A DDOS!

    Actually, it's a great idea, now only if a cool Open source dev would make an open version of this and take away that whole throttling thing.. who would they sue?

    It would be the gnutella of ddos's!

    --
    Excuse me, I don't mean to impose, but I am the ocean
    1. Re:This is NOT A DDOS!! by JWSmythe · · Score: 4, Interesting


      No, to be a DoS attack, they must attempt to deny service.

      If I take an extra 100Mb/s on a 1Gb/s line, does it slow down my network? No. Was it an attempt to do so? Yes.

      Several years ago, some kid got on two boxes at his university. They had a T3. We had a T3 (like I said, several years ago). They were pushing 30Mb/s constantly at my one box for two days. It started on a Saturday night. It wasn't enough to knock my box down.

      I sent a nice email over to the school with all the information I had. Needless to say, there was hell to pay over at the school. They were terribly concerned why *THEIR* network was having problems all weekend. They were very thankful that I informed them.

      Now, was that an attempt at a DoS? Yes.

      Was it enough traffic to actually break anything? No.

      Did the kid get expelled from the school? Yes.

      Now the bigger question, if the school hadn't handled it, where do I go next? To their ISP. Well, actually my ISP, who would contact their ISP, and threaten to block whatever block size necessary to stop it. A /8 should be sufficient, I'd think.

      "Sorry, we're going to null route your /8 until you can contain the problem on your end."

      That'd go over really freakin' well, I'm sure, especially if my provider is big enough. :)

      If they're on the same provider, someone's service is getting immediately disconnected. Yes, I've been in on those calls, both for DoS attacks, and for spam.

      ISP: "There's a customer on x line that's spamming"
      Me: "Well, not that my opinion matters, but I would have already shut them off."
      ISP: "We did about 5 minutes ago."

      But hey, however they want to play the game. It's their company.

      --
      Serious? Seriousness is well above my pay grade.
  2. aa419.arg anyone? by whoever57 · · Score: 5, Interesting

    Isn't this the same as the "Artists against 419" site is doing?

    --
    The real "Libtards" are the Libertarians!
  3. Re:LAW SUIT by Anonymous Coward · · Score: 5, Interesting
    This will never survive the legal challenges it will face.
    It doesn't matter. What Lycos is doing here is showing an idea to the world, and rather selflessly opening themselves up to legal issues in the process.

    Now, they aren't the first to come up with this sort of attack against spam. Lots of geeks (myself included) have run continuous wget fetch sessions against particularly annoying spammer sites. There's a program called "Spam Commando" or something similar which fills out spammers' web forms with bogus but real-looking inquiries, thus wasting the spammers' time. I've thought several times about writing a little win32 app to do what Lycos' screensaver is doing, but couldn't get past the obstacle of "why would people trust my list of spam sites and use the program?" I should have thought of partnering with Spamcop ;)

    In any case, this is the first time that a company, as opposed to some guy in his spare time, has stepped up and said "Hey, we think this is a good idea." And that's all it takes. This sort of thing generates press. The press will probably lead to lawsuits, as you point out. The lawsuits will inevitably lead to Lycos disabling the screen saver.

    But here comes the beautiful part:

    That's where a few geeks step in and take over.

    Look at Gnutella. Nullsoft got bitch-slapped by AOL and told "you can't do that." The rest of the internet replied, "maybe you can't, but we sure as hell can."

    Mark my words, if legal action shuts down Lycos' screensaver, a free, open-source, anonymously distributed alternative (or three) will take their place.

    Thanks, Lycos, for shouldering the initial risk.
  4. This may be a hoax by Animats · · Score: 4, Interesting
    Look up the "whois" info for "makelovenotspam.com".
    Starring Ltd AB
    Kungsgatan 6
    Stockholm, 111 43
    SE

    [Administrative contact] Brockman, Didde
    Starring Ltd AB
    Kungsgatan 6
    111 43 Stockholm
    SE

    Email: technical@starring.se
    Phone: +46 8 6144600
    Fax: +46 8 6144610

    The sites use Lycos logos, but it's not at all clear that Lycos has anything to do with this. While these sites link to Lycos, there's no obvious link to it from the Lycos main page.

  5. Re:Two words: by qengho · · Score: 5, Interesting


    (on a business network) many of your users install and run the screensaver and suck up your own bandwidth as well as that of the spammers.

    I installed it and it doesn't seem to use much bandwidth (MacOS X). It does, however, seriously cut into the Folding@Home CPU cycles, so I'm not sure how long I'll play with it. I think I'd rather help cure diseases than DDOS spammers, even though the latter is immensely satisfying...

  6. Re:LAW SUIT by JWSmythe · · Score: 5, Interesting


    I wrote a proof of concept once, similar to your form filling script.

    Someone said that you can't spam and hide it.

    I wrote a script to prove you could. It took about 20 minutes to put together to my satisfaction.

    I had 3 files. A names file, a domains file, and a words file.

    It would take one to three words from the "names" file, and generate a name. It would take some combination of those, sometimes with a random character or two, and then take a random domain from the "domains" file, to form an Email address.

    I'd then take the "words" file, and make a subject line 2 to 15 words long, and a message body that was between 10 and 100 words long.

    To some of the messages, I attached arbitrary length attachments (generated as it ran), with filenames from the 'words' file, and I think 8 common extensions (.doc, .txt, .zip ....)

    I then used a common misconfiguration in web proxy servers (allowing CONNECT), and set it up to randomly select proxy servers to mail through, all over the world.

    Then I said "are you sure about what you said 20 minutes ago?"

    He said "yes".

    I ran the script. He was receiving about 1000 messages per minute, and couldn't tell what was real and what wasn't. The only thing he knew is that he saw text scrolling by on my screen (a little status information for myself), and me laughing my ass off.

    There was absolutely nothing consistent with the messages. Different senders, different bodies, different attachments (if they existed at all), and all coming from different "mail servers". The receiving mail server assumes the IP it received from is the previous mail server, so those proxies showed up in the header.

    I never did run it against a spammer. It wasn't worth it. You know the 'from' address is bogus anyways. Any address they may list on their site is probably bogus ( remove_me@bad.spammer.com ? ha!). It was proof of the concept that anything can come from anywhere. He couldn't identify that it was me, because there was nothing to identify that it was me. The only way he could have possibly found out that it was me (other than my laughing), was to try to contact these ISPs with misconfigured proxies, and ask them to give him the IP who sent it through. Good luck. I don't speak any Chinese, and at least 100 of those proxy servers were over there.

    --
    Serious? Seriousness is well above my pay grade.
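
The proxy misconfiguration mentioned in comment 6 (CONNECT allowed to arbitrary destinations) is visible from the proxy operator's side as CONNECT tunnels to mail ports. The following is an added example, not code from the thread: it assumes Squid's native access.log field layout, and the log lines, addresses and function names are constructed for illustration.

```python
"""Flag proxy CONNECT tunnels to mail ports in Squid-style access logs."""
from collections import defaultdict

MAIL_PORTS = {25, 465, 587}  # SMTP, SMTPS, submission

# Constructed sample lines; field order assumed to be Squid's native format:
# time elapsed client action/status bytes method target ident hierarchy type
SAMPLE_LOG = """\
1101900001.101    210 203.0.113.7 TCP_TUNNEL/200 5120 CONNECT shop.example.com:443 - HIER_DIRECT/198.51.100.20 -
1101900002.440    950 203.0.113.7 TCP_TUNNEL/200 88211 CONNECT mx1.example.net:25 - HIER_DIRECT/198.51.100.9 -
1101900003.002    912 203.0.113.7 TCP_TUNNEL/200 90114 CONNECT mx2.example.org:25 - HIER_DIRECT/198.51.100.31 -
1101900004.730      3 192.0.2.55 TCP_DENIED/403 3900 CONNECT mail.example.org:25 - HIER_NONE/- text/html
1101900005.118     87 192.0.2.14 TCP_MISS/200 10432 GET http://www.example.com/ - HIER_DIRECT/198.51.100.20 text/html
this line is malformed and must be skipped
"""

def parse_connect(line):
    """Return (client, host, port, allowed) for a CONNECT entry, else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    client, result, target = fields[2], fields[3], fields[6]
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return None
    action, _, status = result.partition("/")
    # A tunnel was actually opened only if the proxy answered 2xx.
    allowed = "DENIED" not in action and status.startswith("2")
    return client, host, int(port), allowed

def mail_tunnels(log_text):
    """Group CONNECT requests to mail ports by client IP."""
    report = defaultdict(lambda: {"allowed": [], "denied": []})
    for line in log_text.splitlines():
        entry = parse_connect(line)
        if entry is None:
            continue  # not a CONNECT request, or unparseable
        client, host, port, allowed = entry
        if port in MAIL_PORTS:
            key = "allowed" if allowed else "denied"
            report[client][key].append(f"{host}:{port}")
    return dict(report)

if __name__ == "__main__":
    for client, hits in mail_tunnels(SAMPLE_LOG).items():
        print(client, "allowed:", hits["allowed"], "denied:", hits["denied"])
```

Any entry under "allowed" means the proxy relayed a tunnel to a mail port and its CONNECT ACL needs restricting; "denied" entries show the ACL working and identify clients that probed for it.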