more on "Rumplestiltskin worm" on the loose?

[David Farber <dave () farber net>]

Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: May 11, 2005 2:51:26 PM EDT
To: Brett Glass <brett () lariat org>
Cc: David Farber <dave () farber net>
Subject: Re: [IP] "Rumplestiltskin worm" on the loose?




> What is a "Rumplestiltskin attack?" As described in a paper I wrote
> several years ago (where I coined the term for lack of a better  
> existing
> one), it is an e-mail address harvesting attack in which a machine
> attempts to send e-mail messages to randomly guessed addresses at
> a domain.

Yep, this is a well-known problem within the anti-spam community.
Has been for years.

And blocking port 25 _bidirectionally_ is a recommended best practice
for all consumer ISPs -- well over 90% of the spam/spam attempts logged
here come from the estimated 100M zombies out there which are now
participating in an ongoing global DoS attack via massive spamming.

However, most ISPs refuse to do this.  Comcast, for example, has refused
on the grounds that it would cost them too much money.  It seems that
they are fully aware of the damage their network is doing to others,
they simply don't wish to do anything about it.   And they're far  
from alone.

This is one of the _many_ reasons why consumer broadband ISPs are
major spammers.  (Note: if it comes from YOUR network: it's YOUR spam.
No excuses.)  Oh, they make noises about stopping spam -- but that's  
all.
They have completely failed to do what's required of any competent  
network
operator -- that is, to disconnect abuse-emitting systems IMMEDIATELY
and keep them that way until repaired and adequately secured against
repeat incidents.

---Rsk


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/