SpamSlayer - should we DDOS spammers?

pointbeing writes "Just read this article about a company called Blue Security that essentially floods a spammer's website with requests to unsubscribe members - we're talking thousands of requests per day - the company's CEO says that fighting back by "inducing loss" against spammers is the only way to eventually stop them. Although I hate spam as much as the next guy, is participating in a DDOS attack the way to bring spammers to their knees? If it's okay in this instance, it it okay to DDOS the next guy who does something we don't like? "

Slashdot

[ZakuSage]

Wouldn't it just be easier to slashdot a site owned by a spammer company?

Re:Sophistry at its finest...

[JustinKSU]

Isn't there some rule of thumb - never fight evil with evil? This is a vigilante approach which is reserved exclusively for BATMAN

Re:Sophistry at its finest...

[shokk]

Easy! To get around all these little rules, we'll just hijack a bunch of PCs to our dirty work for us. I'm sure the owners will not mind helping out for a truly noble cause. Then, we'll use servers in countries with questionable laws to control the DDOS. Then, to raise money to help us out in our quest, we'll use these servers to also mail out requests to help us secure our target US$20mil by sending us a paltry US$20k. We've got the spammers beat in will power AND on the moral high ground!

Just a thought...

[PornMaster]

Does sco.com have an unsubscribe link? ;)

Instant Karma

[ledbetter]

Sorry, but I can't feel bad for spammers (or sites that support them) who get DDoS'ed. They make their $ by annoying millions in the hopes that hundreds will be gullible enough to buy their crap. What goes around comes around... and I fully support the use of DDoS attacks against these loosers.

Furthermore.. the repeated HTTP requets should include in their USER_AGENT header the following so it shows up in the logs ("LOOKS_LIKE_YOUR_WEB_SERVER_NEEDS_SOME_V1aGrA")

Re:Do two wrongs make a right?

[nurhussein]

This beggs me to ask, do twon wrongs make a right?

I don't know, but if two wrongs do make a right then your above sentence contains no spelling errors whatsover.

Of course we have to DDOS them

[Weaselmancer]

...because it's illegal to castrate them.

Re:I don't think so

[richy+freeway]

skip the ads and jump right to the good articles.

Jump to the what?

How I Learned to Stop Worrying and Love the Spam

[milimetric]

Mr. President, we are rapidly approaching a moment of truth both for ourselves as human beings and for the life of our nation. Now, truth is not always a pleasant thing. But it is necessary now to make a choice, to choose between two admittedly regrettable, but nevertheless *distinguishable*, postwar environments: one where you got twenty million people spammed, and the other where you got a hundred and fifty million people spammed. Hello? Hello, Dimitri? Listen, I can't hear too well, do you suppose you could turn the music down just a little? Oh, that's much better. Yes. Fine, I can hear you now, Dimitri. Clear and plain and coming through fine. I'm coming through fine too, eh? Good, then. Well then as you say we're both coming through fine. Good. Well it's good that you're fine and I'm fine. I agree with you. It's great to be fine. Now then Dimitri. You know how we've always talked about the possibility of something going wrong with the spam. The spam, Dimitri. The email spam. Well now what happened is, one of our base commanders, he had a sort of, well he went a little funny in the head. You know. Just a little... funny. And uh, he went and did a silly thing.

Time for Ye Olde Standby

[ravenspear]

Your post advocates a

( ) technical ( ) legislative ( ) market-based (x) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

One time, at band camp...

[litewoheat]

My mail server got hacked and ( )\/\/ |\| ) by some sleazebag spammer. It ended up sending a bunch of spam that had a URL to click on to "sign up" for their wonderful offer. After recovering and updating the mail server I wrote a quick little program that ran overnight that filled in this web form with garbage, but not random garbage that could be filtered out. To a machine each record looked valid. I ended up inserting over 200k records into their database making it worthless. I did it again a few times when I was able to get an IP address that didn't get blocked at the server.

Was it right? Probably not. Did it feel good, HELL YES.

Re:I remember when this debate started

[EvilStein]

We *should* have tracked them down and obliterated them years ago.

I can't wait until we can travel back in time and flog those two. Had they been slapped down hardcore when it first happened, we'd have:
* Less lawyers
* Less spammers.

I'm failing to see a bad side to this. ;)

Re:Sophistry at its finest...

[joranbelar]

Well, here's an idea - rather than go the vigilante route, why not pursue the natural alternative: government control.

No, I'm not talking about enacting more laws, I mean having the government declare a "war on spammers", where DDoS attacks are used against them by the military in a digital carpet-bombing campaign.

That would take care of the whiny limp-wristed liberals crying "slippery slope" and "no better than them", and it would satisfy the bloodlust of the neocons. We could even hold spammers indefinitely in military prison camps by labelling them "enemy combatants".

Think of the possibilities!

Re:Sophistry at its finest...

[shmlco]

The vast majority of spam I receive doesn't want a lead, it wants SALES.

Oh, wait, I see what you mean. Okay guys, the next Viagra e-mail you receive, eveyone go to the site and buy something.

The vast flood of orders will overload their system and stress their payment systems. That'll teach them...

That's exactly what they want!

[gknoy]

That will merely 1mpr0ve the s1ze of their ordering system!

maybe we should market such spam to spammers.... ;)

Heres a one liner to combat spammers

Oneday I was sitting at the console of my gateway pouring over the logs. I noticed that the requests for port 25 was unusually high. Mostly resolving to .cn. Anyhow I banged out this one liner and let it run for a few hours, and had tcpdump keep track of everything from another upstram box.

(not verbatim, but you get the point)

# cat /dev/random | nc -l -p 25

Entertainment soon ensued as they threw every script they had at the box trying to figure out WTF it was.