To: spamtools SA lists.abuse.net
Subject: Re: [spamtools] Global DNSBL Blackout Week?
From: "Ronald F. Guilmette" <rfg SA monkeys.com>
Date: Wed, 24 Sep 2003 19:31:08 -0700
Message-ID: <33895.1064457068@monkeys.com>

In message <aT5vaIe86J8qbrKdc02@x>, Scott Nelson <scott(at)spamwolf.com> wrote:
>No offense, but most ISPs already do all they can to stop DDoS attacks.
If you spread that sentence around liberally in your garden, you can grow some excellent flowers and vegetables.
During the period August 19th to August 29th, my web server was attacked by over 4,000 zombies. To the best of my knowledge, not a single one of those 4,000+ machines has been turned off, null-routed, or disinfected. Every single one of them is still out there, waiting for its next attack command. No ISP or backbone has lifted a finger to stop or even reduce this threat.
The Internet is, by some accounts, the most sophisticated communications infrastructure ever devised by the mind of man, and yet to this day there exist absolutely no conventions, protocols, or channels, either within the Internet or outside of it, to communicate information on these kinds of attacks, either up, down, or even laterally within the Internet food-chain, to any party who might be in a position to turn off, null-route or disinfect any of the zombie machines that are the basis of these attacks.
To say that this fact is a travesty, and that worse, it is almost incomprehensibly stupid (not to mention negligent) would be an understatement.
And for those apologists that would like to claim either that these recent events are novel, or that they were too short-lived for anyone to completely trace the attacks back to their zombie origins, I would just like to point out that (a) my site was under CONTINUOUS attack for 10 solid days... which one would hope would be enough time for even a snail to take some action to nullify at least some of the zombies... and also (b) that these sorts of attacks are in no sense a novel event - Yahoo, eBay, and CNN were taken down by DDoS attacks in early 2000, more than three years ago. THAT was supposed to have been the wake-up call. Three years later, people and companies at all levels of the Internet food-chain are still snoring at their desks, and doing their level best to continue to ignore the fact that this (DDoS) problem even exists.
If there exists ANY coordination or communication, either to, with, or among ISPs and/or major backbones for dealing with these sorts of events, then I must give full credit to those involved for having completely succeeded at keeping it entirely secret from any and all parties who could possibly benefit from it, me included.

"Jens Tønnesen" <usenet@pressefoto.invalid> wrote in message <news:bh2cv5.26g.1@fotobase.dk>:
> In connection with this, I can point to an article on msnbc.com which
> reveals that those who actually profit from spam are well-known
> companies that outwardly have a 'zero-tolerance' stance toward spam.
A week after attending MS Tech-Ed in Dallas earlier this year, I began receiving spam at my company email address for the first time. The email address appeared on my business card, which I handed to several well-known and reputable companies at the associated trade show. Next time I will have specially customized business cards made, so that afterwards I can see who is selling addresses on. Incidentally, my last remnant of trust in the industry disappeared on this occasion.