Politech mailing list archives

Previous By Date Next
Previous By Thread Next

Monkeys.com anti-spam blacklist shuttered by online attack [sp]

From: Declan McCullagh <declan () well com>
Date: Fri, 26 Sep 2003 01:07:46 -0400
See some writeups here:
http://www.msnbc.com/news/959094.asp?0cv=TB10
http://www.circleid.com/article/287_0_1_0_C/
http://yro.slashdot.org/yro/03/09/24/132216.shtml?tid=111&tid=126&tid=95

---

From: Hugh Lilly <hl () orcon net nz>
Organization: http://hugh.orcon.net.nz
Subject: Fwd: Another DNS blacklist is taken down
Date: Thu, 25 Sep 2003 12:32:18 +1200
To: Dave Farber <dave () farber net>, Declan McCullagh <declan () well com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Declan, Dave,

Forwarded from NANOG for your consideration for IP/Politech.

- -hdl

- ----------  Forwarded Message:  ----------

Subject: Another DNS blacklist is taken down
Date: Thu, 25 Sep 2003 04:28
From: Justin Shore <listuser () numbnuts net>
To: nanog () merit edu

I thought ya'll might be interested to hear that yet another DNS blacklist
has been taken down out of fear of the DDoS attacks that took down
Osirusoft, Monkeys.com, and the OpenRBL.  Blackholes.compu.net suffered a
joe-job earlier this week.  Apparently the joe-jobbing was enough to
convince some extremely ignorant mail admins that Compu.net is spamming
and blocked mail from compu.net.  Compu.net has also seen the effects of
DDoS attacks on other DNS blacklist maintainers.  They've decided that the
risk to their actual business is too great and they are pulling the plug
on their DNS blacklist before they come under the gun by spammers.

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=3f70e839%241%40dimaggio.newszilla.com

Ron Guilmette, maintainer of the Monkeys.com blacklists has posted a
farewell from Monkeys.com to news.admin.net-abuse.email.  Ron cites the
total lack of interest in the attacks by both big network providers and
law enforcement authorities as the ultimate reason he's pulling the plug.

http://groups.google.com/groups?q=%22Now+retired+from+spam+fighting%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=vn1lufn8h6r38%40corp.supernews.com&rnum=4

It's truely a sad day for spam fighters everywhere.

So, my question for NANOG is how does one go about attracting the
attention of law enforcement when your network is under attack?  How does
the target of such an attack get a large network provider who's customers
are part of the attack to pay attention?  Is media attention the only way
to pressure a response from either group?  These DDoS attacks have
received some attention in mainstream media:

http://www.msnbc.com/news/959094.asp?0cv=TB10
http://www.boston.com/news/nation/articles/2003/08/28/saboteurs_hit_spams_blockers

Apparently it hasn't been enough.  Legal remedies take too long and are
cost prohibitive (unless you're the DoJ).  Subpoenas and civil lawsuits
take months if not years.  Relief is needed in days if not hours.

Justin

- -------------------------------------------------------

- --
                          (C) 2003 Hugh Lilly
                         mail: hl () orcon net nz
                    blog: http://hugh.orcon.net.nz
   Registered Linux User # 295486, register @ http://counter.li.org
        ______________________________________________________
        There's only so much stupidity you can compensate for;
        there comes a point where you compensate for so much
          stupidity that it starts to cause problems for the
              people who actually think in a normal way.
                -Bill, digital.forest tech support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/cjeSGPk1r6aoIIIRArokAJ9jG7RisOAIJ0Zr2ckNtjPNOfBwRQCgiZjU
TdbVnd5WXRtqat1IVXduWpQ=
=HdwU
-----END PGP SIGNATURE-----

---

Date: Thu, 25 Sep 2003 15:09:37 +0530
To: dave () farber net
From: Udhay Shankar N <udhay () pobox com>
Subject: Re: [IP] Another DNS blacklist is taken down
Cc: declan () well com

Might this not be another legitimate use for Freenet [1] or Eternity [2]?
What I am imagining here is that a loosely knit group of volunteers collates and prepares a blacklist, and then publishes this blacklist to freenet or eternity once a day or so. This would seem to be not vulnerable to the kind of DDoS described below. 

Thoughts from the IP list?

Udhay

[1] http://freenet.sourceforge.net/
[2] http://www.cypherspace.org/~adam/eternity/



I thought ya'll might be interested to hear that yet another DNS blacklist
has been taken down out of fear of the DDoS attacks that took down
Osirusoft, Monkeys.com, and the OpenRBL.  Blackholes.compu.net suffered a
joe-job earlier this week.  Apparently the joe-jobbing was enough to
convince some extremely ignorant mail admins that Compu.net is spamming
and blocked mail from compu.net.  Compu.net has also seen the effects of
DDoS attacks on other DNS blacklist maintainers.  They've decided that the
risk to their actual business is too great and they are pulling the plug
on their DNS blacklist before they come under the gun by spammers.

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=3f70e839%241
%40dimaggio.newszilla.com

Ron Guilmette, maintainer of the Monkeys.com blacklists has posted a
farewell from Monkeys.com to news.admin.net-abuse.email.  Ron cites the
total lack of interest in the attacks by both big network providers and
law enforcement authorities as the ultimate reason he's pulling the plug.

http://groups.google.com/groups?q=%22Now+retired+from+spam+fighting%22&hl=en&;
lr=&ie=UTF-8&oe=UTF-8&selm=vn1lufn8h6r38%40corp.supernews.com&rnum=4


<snip>



--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
Previous By Date Next
Previous By Thread Next

Current thread: