ietf-asrg

Re: [Asrg] 0. General

2003-10-21 22:13:40
At 5:51 AM +0200 10/22/03, Markus Stumpf wrote:
> The Internet has been a commercial net for quite some time and the "grey guys"
> make their money with the fact that they are less restrictive than the
> "white guys". As long as there are enough "grey guys" you can't get rid
> of them easily because maybe some big companies are their customers.

Ran into a recent example of this. There's a guy sitting on Level3's network (name and address available upon request :-). He does bulk mail delivery for porn sites. I actually don't consider him a particularly bad spammer. I suspect they just give him the list and he delivers. He is, however, a very bad coder. When faced with the fact that some servers return 5xx errors on account full, he decided to ignore all 5xx errors. That's right. He just completely ignores them. But the real killer is that if you give him a 5xx at connect time and then close the connection, his software thinks it got a network error and immediately retries the connection... a lot... frequently. I was getting slammed with half a million connection attempts in the period of a few hours. Repeated every 12 to 24 hours. Despite the fact that we'd immediately close them, it was saturating a 768kbs DSL line.

The only way I managed to get Level3's attention was that I didn't mention the word spam. I billed it as what it in essence was... a DoS attack. It took a week to get them to respond.

They claim to be talking to him about the problem. Then again, he claimed to me he would stop sending my domain email and he didn't, so who knows. I seriously doubt they'll throw the guy off their network. He's paying for some serious bandwidth. He's got dozens of machines delivering email, and he's been on the SpamHaus list for at least a year.

Welcome to the gray market of email hosting. In an ideal world you'd tell the guy to get off the network until he cleaned up his act. But it's not an ideal world.


Of course, on the hardcore spammer side, we have things that are really serious DoS attacks. I saw mail this evening from a site admin who got hit with a dictionary attack. 12-15,000 messages per hour over a 12 hour period, coming from over 61,000 different IP addresses. And at the end of the 12 hours, the volume suddenly doubled to 30,000 messages per hour. After trying to deal with that for a while the domain owner gave up and removed the A record for the domain that was being attacked. Fortunately that was an option. Ironically the domain being attacked had no valid email addresses, although the server hosted other domains that did. The subject of the spam? Ads for anti-spam software.

61,000 machines engaged in a coordinated spam attack on a single machine.
--
Kee Hinckley
http://www.messagefire.com/         Next Generation Spam Defense
http://commons.somewhere.com/buzz/  Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
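
The retry behaviour described in the message above (a client that reconnects immediately after being handed a 5xx and disconnected) can be spotted in connection logs. The following is an added example, not part of the original message; the log format, the sample lines and the function name `find_retry_storms` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (format is an assumption): ISO time, client IP, event.
SAMPLE_LOG = """\
2003-10-21T20:00:00 192.0.2.10 connect
2003-10-21T20:00:00 192.0.2.10 reject 554
2003-10-21T20:00:01 192.0.2.10 connect
2003-10-21T20:00:01 192.0.2.10 reject 554
2003-10-21T20:00:02 192.0.2.10 connect
2003-10-21T20:00:02 192.0.2.10 reject 554
2003-10-21T20:00:03 192.0.2.10 connect
2003-10-21T20:00:03 192.0.2.10 reject 554
2003-10-21T20:00:05 198.51.100.7 connect
2003-10-21T20:00:05 198.51.100.7 reject 550
2003-10-21T21:30:00 198.51.100.7 connect
"""

def find_retry_storms(log_text, max_gap_s=5, min_retries=3):
    """Return {ip: count} of reconnects made within max_gap_s of a 5xx rejection."""
    last_reject = {}                 # ip -> time of its most recent 5xx rejection
    fast_retries = defaultdict(int)  # ip -> reconnects that ignored the rejection
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue                 # skip blank or malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue                 # skip lines with an unparseable timestamp
        ip, event = parts[1], parts[2]
        if event == "reject" and len(parts) > 3 and parts[3].startswith("5"):
            last_reject[ip] = ts
        elif event == "connect" and ip in last_reject:
            # A well-behaved sender treats 5xx as permanent and does not come
            # straight back; a reconnect within seconds means it was ignored.
            gap = (ts - last_reject.pop(ip)).total_seconds()
            if 0 <= gap <= max_gap_s:
                fast_retries[ip] += 1
    return {ip: n for ip, n in fast_retries.items() if n >= min_retries}

if __name__ == "__main__":
    print(find_retry_storms(SAMPLE_LOG))
```

Sources returned by this function are candidates for dropping at the packet filter rather than at the SMTP layer, since each rejected session otherwise triggers another connection.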


