Wake Up! (was: spamspamspam)

[David Stoddard <dgs () us net>]

Jared Mauch writes:
>       gcc sources aren't as bloated as emacs sources.
>
>       What you need to do is find a way to send the mimed sources to
> someones text pager.  Either that, or uuencoded to their pager.  Then
> build a compiler on the pager and put emacs on it.
>
>       - Jared

        So, as a "responsible" ISP, you advocate denial of service attacks?
        You are either incredibly naive or intensely stupid to advocate
        that position.  Is that how you want people to deal with you when
        your customers violate your AUP?  I really want to hear your
        justification for mail bombing ... maybe you have one for SYN attacks
        too?

        Frankly, there is NO valid reason for ANYONE to retaliate in this
        manner.  As an ISP, if you have a customer that spams someone, you
        get flooded with hate mail -- this mail continues long after you
        have wiped the abuser out of your system.  But in the event someone
        decides to mail the source to Linux 1000 times to your server,
        copying abuse, root, postmaster, and support, they kill off your
        entire site, denying thousands of innocent users Internet access.
        The number of hours I have wasted over the past four years chasing
        down hackers and mail bombers has been a real pain.  I have ZERO
        tolerance for this behavior.

        If someone mail bombs my site, I will do everything in my power to
        track them down and have them put in jail.  Mail bombers are criminals.
        If you are mail bombed and have the mail logs, here is a good place
        to start in your efforts to prosecute the bastards: The FBI Computer
        Crime Squad in Washington, DC -- 202-324-9164 -- ask for Rich Ress.
        If the mail bombing is continuous, you can get a court order to
        have the FBI seize their equipment in a few hours.  You may want to
        to to the federal prosecutor in your jurisdiction too.

        If you provide access to military bases, you are in an even better
        position to nail these folks.  And be sure to file civil suit against
        them too.  If they respond to the suit, you can get them to spend
        thousands of dollars in their civil defense (not to mention their
        criminal defense).  If they don't respond, you can file liens on 
        everything they own.  I also find it useful to dispatch a press
        release in the home town of the hackers, identifying them and the
        details of the crime and its investigation.  Call the TV stations
        in their area too -- the local news loves to report on high-tech
        crime.

        In the event the hackers are international, you can filter their
        IP addresses and notify their upstream providers that the filters
        will remain in effect until they can provide assuarance that the
        threat has been eliminated.

        As a community, we need to slam hackers as hard as we possibly
        can.  As individual companies, we have very little to fight them
        outside of the means listed above.  But collectively, we could
        black list rogue sites using IP filtering.  I think that hackers
        would consider things twice if they knew they were about to lose
        connectivity to half the world because of their actions.  I am
        interested in what the other folks think about this too.  The
        time for complacency on this issue is over.

        Dave Stoddard
        US Net Incorporated
        301-572-5926
        dgs () us net

- - - - - - - - - - - - - - - - -