News on DNS blacklists from the excellent Politech newsletter.

Begin forwarded message:
From: Declan McCullagh <[EMAIL PROTECTED]>
Date: Thu Sep 25, 2003 10:07:46 PM America/Phoenix
To: [EMAIL PROTECTED]
Subject: [Politech] Monkeys.com anti-spam blacklist shuttered by online attack [sp]


See some writeups here:
http://www.msnbc.com/news/959094.asp?0cv=TB10
http://www.circleid.com/article/287_0_1_0_C/
http://yro.slashdot.org/yro/03/09/24/ 132216.shtml?tid=111&tid=126&tid=95


---

From: Hugh Lilly <[EMAIL PROTECTED]>
Organization: http://hugh.orcon.net.nz
Subject: Fwd: Another DNS blacklist is taken down
Date: Thu, 25 Sep 2003 12:32:18 +1200
To: Dave Farber <[EMAIL PROTECTED]>, Declan McCullagh <[EMAIL PROTECTED]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Declan, Dave,

Forwarded from NANOG for your consideration for IP/Politech.

- -hdl

- ---------- Forwarded Message: ----------

Subject: Another DNS blacklist is taken down
Date: Thu, 25 Sep 2003 04:28
From: Justin Shore <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

I thought ya'll might be interested to hear that yet another DNS blacklist
has been taken down out of fear of the DDoS attacks that took down
Osirusoft, Monkeys.com, and the OpenRBL. Blackholes.compu.net suffered a
joe-job earlier this week. Apparently the joe-jobbing was enough to
convince some extremely ignorant mail admins that Compu.net is spamming
and blocked mail from compu.net. Compu.net has also seen the effects of
DDoS attacks on other DNS blacklist maintainers. They've decided that the
risk to their actual business is too great and they are pulling the plug
on their DNS blacklist before they come under the gun by spammers.


http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF- 8&selm=3f70e839%241%40dimaggio.newszilla.com

Ron Guilmette, maintainer of the Monkeys.com blacklists has posted a
farewell from Monkeys.com to news.admin.net-abuse.email. Ron cites the
total lack of interest in the attacks by both big network providers and
law enforcement authorities as the ultimate reason he's pulling the plug.


http://groups.google.com/ groups?q=%22Now+retired+from+spam+fighting%22&hl=en&lr=&ie=UTF- 8&oe=UTF-8&selm=vn1lufn8h6r38%40corp.supernews.com&rnum=4

It's truely a sad day for spam fighters everywhere.

So, my question for NANOG is how does one go about attracting the
attention of law enforcement when your network is under attack? How does
the target of such an attack get a large network provider who's customers
are part of the attack to pay attention? Is media attention the only way
to pressure a response from either group? These DDoS attacks have
received some attention in mainstream media:


http://www.msnbc.com/news/959094.asp?0cv=TB10
http://www.boston.com/news/nation/articles/2003/08/28/ saboteurs_hit_spams_blockers


Apparently it hasn't been enough.  Legal remedies take too long and are
cost prohibitive (unless you're the DoJ).  Subpoenas and civil lawsuits
take months if not years.  Relief is needed in days if not hours.

Justin

- -------------------------------------------------------

- --
                          (C) 2003 Hugh Lilly
                         mail: [EMAIL PROTECTED]
                    blog: http://hugh.orcon.net.nz
   Registered Linux User # 295486, register @ http://counter.li.org
        ______________________________________________________
        There's only so much stupidity you can compensate for;
        there comes a point where you compensate for so much
          stupidity that it starts to cause problems for the
              people who actually think in a normal way.
                -Bill, digital.forest tech support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/cjeSGPk1r6aoIIIRArokAJ9jG7RisOAIJ0Zr2ckNtjPNOfBwRQCgiZjU
TdbVnd5WXRtqat1IVXduWpQ=
=HdwU
-----END PGP SIGNATURE-----

---

Date: Thu, 25 Sep 2003 15:09:37 +0530
To: [EMAIL PROTECTED]
From: Udhay Shankar N <[EMAIL PROTECTED]>
Subject: Re: [IP] Another DNS blacklist is taken down
Cc: [EMAIL PROTECTED]

Might this not be another legitimate use for Freenet [1] or Eternity [2]?

What I am imagining here is that a loosely knit group of volunteers collates and prepares a blacklist, and then publishes this blacklist to freenet or eternity once a day or so. This would seem to be not vulnerable to the kind of DDoS described below.

Thoughts from the IP list?

Udhay

[1] http://freenet.sourceforge.net/
[2] http://www.cypherspace.org/~adam/eternity/


I thought ya'll might be interested to hear that yet another DNS blacklist
has been taken down out of fear of the DDoS attacks that took down
Osirusoft, Monkeys.com, and the OpenRBL. Blackholes.compu.net suffered a
joe-job earlier this week. Apparently the joe-jobbing was enough to
convince some extremely ignorant mail admins that Compu.net is spamming
and blocked mail from compu.net. Compu.net has also seen the effects of
DDoS attacks on other DNS blacklist maintainers. They've decided that the
risk to their actual business is too great and they are pulling the plug
on their DNS blacklist before they come under the gun by spammers.


http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF- 8&selm=3f70e839%241
%40dimaggio.newszilla.com


Ron Guilmette, maintainer of the Monkeys.com blacklists has posted a
farewell from Monkeys.com to news.admin.net-abuse.email. Ron cites the
total lack of interest in the attacks by both big network providers and
law enforcement authorities as the ultimate reason he's pulling the plug.


http://groups.google.com/ groups?q=%22Now+retired+from+spam+fighting%22&hl=en&
lr=&ie=UTF-8&oe=UTF-8&selm=vn1lufn8h6r38%40corp.supernews.com&rnum=4

<snip>




--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)






Reply via email to