[Politech] Monkeys.com anti-spam blacklist shuttered by online attack [sp]

From: Declan McCullagh (declan@private)
Date: Thu Sep 25 2003 - 22:07:46 PDT


    See some writeups here:
    http://www.msnbc.com/news/959094.asp?0cv=TB10
    http://www.circleid.com/article/287_0_1_0_C/
    http://yro.slashdot.org/yro/03/09/24/132216.shtml?tid=111&tid=126&tid=95
    
    ---
    
    From: Hugh Lilly <hl@private>
    Organization: http://hugh.orcon.net.nz
    Subject: Fwd: Another DNS blacklist is taken down
    Date: Thu, 25 Sep 2003 12:32:18 +1200
    To: Dave Farber <dave@private>, Declan McCullagh <declan@private>
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Declan, Dave,
    
    Forwarded from NANOG for your consideration for IP/Politech.
    
    - -hdl
    
    - ----------  Forwarded Message:  ----------
    
    Subject: Another DNS blacklist is taken down
    Date: Thu, 25 Sep 2003 04:28
    From: Justin Shore <listuser@private>
    To: nanog@private
    
    I thought y'all might be interested to hear that yet another DNS blacklist
    has been taken down out of fear of the DDoS attacks that took down
    Osirusoft, Monkeys.com, and the OpenRBL.  Blackholes.compu.net suffered a
    joe-job earlier this week.  Apparently the joe-jobbing was enough to
    convince some extremely ignorant mail admins that Compu.net is spamming
    and blocked mail from compu.net.  Compu.net has also seen the effects of
    DDoS attacks on other DNS blacklist maintainers.  They've decided that the
    risk to their actual business is too great and they are pulling the plug
    on their DNS blacklist before they come under the gun by spammers.
    
    http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=3f70e839%241%40dimaggio.newszilla.com
    
    Ron Guilmette, maintainer of the Monkeys.com blacklists, has posted a
    farewell from Monkeys.com to news.admin.net-abuse.email.  Ron cites the
    total lack of interest in the attacks by both big network providers and
    law enforcement authorities as the ultimate reason he's pulling the plug.
    
    http://groups.google.com/groups?q=%22Now+retired+from+spam+fighting%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=vn1lufn8h6r38%40corp.supernews.com&rnum=4
    
    It's truly a sad day for spam fighters everywhere.
    
    So, my question for NANOG is how does one go about attracting the
    attention of law enforcement when your network is under attack?  How does
    the target of such an attack get a large network provider whose customers
    are part of the attack to pay attention?  Is media attention the only way
    to pressure a response from either group?  These DDoS attacks have
    received some attention in mainstream media:
    
    http://www.msnbc.com/news/959094.asp?0cv=TB10
    http://www.boston.com/news/nation/articles/2003/08/28/saboteurs_hit_spams_blockers
    
    Apparently it hasn't been enough.  Legal remedies take too long and are
    cost prohibitive (unless you're the DoJ).  Subpoenas and civil lawsuits
    take months if not years.  Relief is needed in days if not hours.
    
    Justin
    
    - -------------------------------------------------------
    
    - --
                               (C) 2003 Hugh Lilly
                              mail: hl@private
                         blog: http://hugh.orcon.net.nz
        Registered Linux User # 295486, register @ http://counter.li.org
             ______________________________________________________
             There's only so much stupidity you can compensate for;
             there comes a point where you compensate for so much
               stupidity that it starts to cause problems for the
                   people who actually think in a normal way.
                     -Bill, digital.forest tech support
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.2 (GNU/Linux)
    
    iD8DBQE/cjeSGPk1r6aoIIIRArokAJ9jG7RisOAIJ0Zr2ckNtjPNOfBwRQCgiZjU
    TdbVnd5WXRtqat1IVXduWpQ=
    =HdwU
    -----END PGP SIGNATURE-----
    
    ---
    
    Date: Thu, 25 Sep 2003 15:09:37 +0530
    To: dave@private
    From: Udhay Shankar N <udhay@private>
    Subject: Re: [IP] Another DNS blacklist is taken down
    Cc: declan@private
    
    Might this not be another legitimate use for Freenet [1] or Eternity [2]?
    
    What I am imagining here is that a loosely knit group of volunteers 
    collates and prepares a blacklist, and then publishes this blacklist to 
    freenet or eternity once a day or so. This would seem to be not vulnerable 
    to the kind of DDoS described below.
    
    Thoughts from the IP list?
    
    Udhay
    
    [1] http://freenet.sourceforge.net/
    [2] http://www.cypherspace.org/~adam/eternity/
    
    
    >I thought y'all might be interested to hear that yet another DNS blacklist
    >has been taken down out of fear of the DDoS attacks that took down
    >Osirusoft, Monkeys.com, and the OpenRBL.  Blackholes.compu.net suffered a
    >joe-job earlier this week.  Apparently the joe-jobbing was enough to
    >convince some extremely ignorant mail admins that Compu.net is spamming
    >and blocked mail from compu.net.  Compu.net has also seen the effects of
    >DDoS attacks on other DNS blacklist maintainers.  They've decided that the
    >risk to their actual business is too great and they are pulling the plug
    >on their DNS blacklist before they come under the gun by spammers.
    >
    >http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=3f70e839%241%40dimaggio.newszilla.com
    >
    >Ron Guilmette, maintainer of the Monkeys.com blacklists, has posted a
    >farewell from Monkeys.com to news.admin.net-abuse.email.  Ron cites the
    >total lack of interest in the attacks by both big network providers and
    >law enforcement authorities as the ultimate reason he's pulling the plug.
    >
    >http://groups.google.com/groups?q=%22Now+retired+from+spam+fighting%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=vn1lufn8h6r38%40corp.supernews.com&rnum=4
    
    <snip>
    
    
    
    -- 
    ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
    
    _______________________________________________
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)
    



    This archive was generated by hypermail 2b30 : Thu Sep 25 2003 - 22:21:27 PDT