On Tue, 23 Sep 2003, Jack Bates wrote:
This goes beyond spam and the resources that many mail servers are using. These attacks are being directed at anti-spam organizations today. Where will they point tomorrow? Many forms of breaking through network security require that a system be DOS'd while the crime is being committed. These machines won't quiet down after the blacklists are shut down. They will keep attacking hosts. For the US market, this is a national security issue. These systems will be exploited to cause havoc among networks of all types and sizes; governmental and commercial.
It's somewhat funny. Quite some time ago, us IRC server operators warned about this same thing, and were mostly just told to "not run IRC servers." The anti-spammers will likely just get told to "not run DNSBL's." This only works up until the point that it's YOUR service thats getting hit and people tell you to stop running it. For several years now I've noticed a trend of technologies being used to attack IRC servers being later abused to send SPAM. First it was the open wingates, then the misconfigured Cisco's, then the HTTP Proxies. It looks like the large botnets are now being harvested by spammers to fight the Anti spammers. This is something we IRC server admins, and other high profile services like it which draw such attacks have been dealing with for some time. Ron, good luck with it. You're stuck between a rock and a hard place. If you down it the kiddies win again, and will feel they can bully the next guy. If you don't your network is crippled. It's a no win situation. Jason -- Jason Slagle - CCNP - CCDP /"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \ / ASCII Ribbon Campaign . X - NO HTML/RTF in e-mail . / \ - NO Word docs in e-mail .