---------- Forwarded message ---------- Date: Fri, 26 Apr 2002 23:38:46 -0400 From: R. A. Hettinga <rahat_private> To: Digital Bearer Settlement List <dbsat_private> Subject: Re: Fwd: [ISN] Hackers exploit Korea to attack global systems --- begin forwarded text Status: U Delivered-To: nanog-outgoingat_private Delivered-To: nanogat_private Delivered-To: nanogat_private Date: 26 Apr 2002 23:07:48 -0400 From: johnlat_private (John R. Levine) To: nanogat_private Subject: Re: Fwd: [ISN] Hackers exploit Korea to attack global systems Newsgroups: iecc.lists.nanog Organization: I.E.C.C., Trumansburg NY USA Cc: Sender: owner-nanogat_private >>Some foreign servers block access attempts whose origins are traced to >>Korea, implying that the country's leadership in the broadband >>Internet business may be marred by its negligence in upgrading lame >>security protection systems, the center said. No kidding. Some of us have gotten so tired of spam from Korea, both stuff relayed from the west and Korean-language spam promoting Korean web sites, combined with the complete lack of response to all abuse reports, that we've blocked all mail from Korean networks. As an experiment, I set up an RBLish blocking list at korea.services.net. It lists all the APNIC space assigned to Korea (I think, APNIC's records are sloppy) along with any ARIN space assigned to Korea that's come to my attention due to being spammed from it. It blocks a lot of spam, with very little collateral damage for me since despite having books in print in Korean in Korea, nobody ever writes to me from there. I've told people they can use it informally, and it now gets about 5 hits per second, up from 3 a few weeks ago. The blocking message points at a web page explaining why I'm blocking mail, with an unblocked address to write to me, so I get about one message a week from Korean sysadms saying "I fixed my open relay, please unblock my /32 now". I write back and say it's not just them, their entire ISP is blocked due to unresponsiveness. I hope someday they'll clean up their act enough to stop blocking them, but I'm not holding my breath. Anyone's welcome to use it informally. There's no SOA and no zone transfers since it's running rbldns, not bind, but you can check dig 126.96.36.199.korea.services.net to see how it works. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 johnlat_private, Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rahat_private> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon May 06 2002 - 03:52:06 PDT