---------- Forwarded message ---------- Date: Fri, 26 Apr 2002 23:38:46 -0400 From: R. A. Hettinga <[EMAIL PROTECTED]> To: Digital Bearer Settlement List <[EMAIL PROTECTED]> Subject: Re: Fwd: [ISN] Hackers exploit Korea to attack global systems
--- begin forwarded text Status: U Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Date: 26 Apr 2002 23:07:48 -0400 From: [EMAIL PROTECTED] (John R. Levine) To: [EMAIL PROTECTED] Subject: Re: Fwd: [ISN] Hackers exploit Korea to attack global systems Newsgroups: iecc.lists.nanog Organization: I.E.C.C., Trumansburg NY USA Cc: Sender: [EMAIL PROTECTED] >>Some foreign servers block access attempts whose origins are traced to >>Korea, implying that the country's leadership in the broadband >>Internet business may be marred by its negligence in upgrading lame >>security protection systems, the center said. No kidding. Some of us have gotten so tired of spam from Korea, both stuff relayed from the west and Korean-language spam promoting Korean web sites, combined with the complete lack of response to all abuse reports, that we've blocked all mail from Korean networks. As an experiment, I set up an RBLish blocking list at korea.services.net. It lists all the APNIC space assigned to Korea (I think, APNIC's records are sloppy) along with any ARIN space assigned to Korea that's come to my attention due to being spammed from it. It blocks a lot of spam, with very little collateral damage for me since despite having books in print in Korean in Korea, nobody ever writes to me from there. I've told people they can use it informally, and it now gets about 5 hits per second, up from 3 a few weeks ago. The blocking message points at a web page explaining why I'm blocking mail, with an unblocked address to write to me, so I get about one message a week from Korean sysadms saying "I fixed my open relay, please unblock my /32 now". I write back and say it's not just them, their entire ISP is blocked due to unresponsiveness. I hope someday they'll clean up their act enough to stop blocking them, but I'm not holding my breath. Anyone's welcome to use it informally. There's no SOA and no zone transfers since it's running rbldns, not bind, but you can check dig 3.0.0.127.korea.services.net to see how it works. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail --- end forwarded text -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.
