Re: Fwd: [ISN] Hackers exploit Korea to attack global systems

From: InfoSec News (isnat_private)
Date: Mon May 06 2002 - 00:29:04 PDT


    ---------- Forwarded message ----------
    Date: Fri, 26 Apr 2002 23:38:46 -0400
    From: R. A. Hettinga <rahat_private>
    To: Digital Bearer Settlement List <dbsat_private>
    Subject: Re: Fwd: [ISN] Hackers exploit Korea to attack global systems
    --- begin forwarded text
    Status:  U
    Delivered-To: nanog-outgoingat_private
    Delivered-To: nanogat_private
    Delivered-To: nanogat_private
    Date: 26 Apr 2002 23:07:48 -0400
    From: johnlat_private (John R. Levine)
    To: nanogat_private
    Subject: Re: Fwd: [ISN] Hackers exploit Korea to attack global systems
    Newsgroups: iecc.lists.nanog
    Organization: I.E.C.C., Trumansburg NY USA
    Sender: owner-nanogat_private

    >>Some foreign servers block access attempts whose origins are traced to
    >>Korea, implying that the country's leadership in the broadband
    >>Internet business may be marred by its negligence in upgrading lame
    >>security protection systems, the center said.

    No kidding.  Some of us have gotten so tired of spam from Korea, both
    stuff relayed from the west and Korean-language spam promoting Korean
    web sites, combined with the complete lack of response to all abuse
    reports, that we've blocked all mail from Korean networks.

    As an experiment, I set up an RBLish blocking list at  It lists all the APNIC space assigned to Korea (I
    think, APNIC's records are sloppy) along with any ARIN space assigned
    to Korea that's come to my attention due to being spammed from it.  It
    blocks a lot of spam, with very little collateral damage for me since
    despite having books in print in Korean in Korea, nobody ever writes
    to me from there.

    I've told people they can use it informally, and it now gets about 5
    hits per second, up from 3 a few weeks ago.  The blocking message
    points at a web page explaining why I'm blocking mail, with an
    unblocked address to write to me, so I get about one message a week
    from Korean sysadms saying "I fixed my open relay, please unblock my
    /32 now".  I write back and say it's not just them, their entire ISP
    is blocked due to unresponsiveness.  I hope someday they'll clean up
    their act enough to stop blocking them, but I'm not holding my breath.

    Anyone's welcome to use it informally.  There's no SOA and no zone
    transfers since it's running rbldns, not bind, but you can check
    dig to see how it works.

    John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
    johnlat_private, Village Trustee and Sewer Commissioner,,
    Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
    --- end forwarded text
    R. A. Hettinga <mailto: rahat_private>
    The Internet Bearer Underwriting Corporation <>
    44 Farquhar Street, Boston, MA 02131 USA
    "... however it may deserve respect for its usefulness and antiquity,
    [predicting the end of the world] has not been found agreeable to
    experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

    This archive was generated by hypermail 2b30 : Mon May 06 2002 - 03:52:06 PDT
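The range-based listing described in the forwarded message, sketched as an added example (not code from the original post or from rbldns). It shows the usual DNSBL query-name convention and why a single repaired host stays rejected while its whole provider range is listed. The zone name, the info URL and the listed ranges are constructed placeholders, since the page does not give the real ones.

```python
import ipaddress

# Hypothetical zone name; the list's real zone is not given on the page.
ZONE = "korea.dnsbl.example"

# Constructed sample data (RFC 5737 documentation ranges) standing in for
# the registry allocations the post says the list covers.
LISTED_BLOCKS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/25"),
]


def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets, then the zone.

    A mail server asks for the A record of this name; an answer
    (conventionally in 127.0.0.0/8) means listed, NXDOMAIN means not listed.
    """
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def lookup(ip, blocks=LISTED_BLOCKS):
    """Return the listed network covering ip, or None (the NXDOMAIN case)."""
    addr = ipaddress.IPv4Address(ip)
    for net in blocks:
        if addr in net:
            return net
    return None


def smtp_decision(ip, info_url="https://dnsbl.example/why"):
    """Reject with a pointer to an explanation page, as the post describes."""
    net = lookup(ip)
    if net is None:
        return "250 OK"
    return f"550 {ip} is in listed range {net}; see {info_url}"


if __name__ == "__main__":
    # 203.0.113.7 may have closed its open relay, but the listing is per
    # range, so it is still rejected; 203.0.113.200 is outside the /25.
    for host in ("203.0.113.7", "203.0.113.200", "192.0.2.1"):
        print(query_name(host), "->", smtp_decision(host))
```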