Hi,

#This goes beyond spam and the resources that many mail servers are
#using. These attacks are being directed at anti-spam organizations
#today. Where will they point tomorrow? Many forms of breaking through
#network security require that a system be DOS'd while the crime is being
#committed. These machines won't quiet down after the blacklists are shut
#down. They will keep attacking hosts. For the US market, this is a
#national security issue. These systems will be exploited to cause havoc
#among networks of all types and sizes; governmental and commercial.

Note that not all DNSBLs are being effectively hit. DNSBLs which run with publicly available zone files are too distributed to be easily taken down, particularly if periodic deltas are distributed via cryptographically signed Usenet messages (or other "push" channels). You can immunize DNSBLs from attack, *provided* that you're willing to publicly distribute the contents of those DNSBLs.

And when it comes to dealing with the sources of these attacks, we all know that there are *some* networks where security simply isn't any sort of priority. (For example, make it a practice to routinely see what ISPs consistently show up highly ranked on incident summary sites such as http://www.mynetwatchman.com/).

Maybe the folks running those networks are overworked and understaffed, maybe they have legal constraints that limit what they can do, maybe their management just don't care as long as they keep getting paid. Who knows? Whatever the reason, no one is willing to depeer them or filter their routes, so they really are free to do absolutely *nothing* about vulnerable hosts or abusive customers. There are absolutely *no* consequences to their security inactivity, and because of that, none of us should be surprised that the problem is becoming a worsening one.

Regards,

Joe St Sauver (joe@oregon.uoregon.edu)
University of Oregon Computing Center