At 9:45 AM -0500 1/20/98, Eric Wieling wrote:
You should be able to figure out what interfaces they are coming in on. That's the first step.
Is there any point in trying to report these attacks? Who would we report them to? We don't know what the source is, after all the address is spoofed. It seems kind of pointless to notify the victim -- they already know they have been smurfed.
You report them to the FBI. See "Firewalls and Internet Security" by Cheswick and Bellovin, and "Unix System Security" by Curry. Does that help?
Yes and no. There are several laws being violated, but the FBI basically isn't getting involved in the spam wars. The first violators were the anti-spammers who put in the blocking. The second violators were the spammers who use relaying to get around that. Anti-spammers are illegally intercepting (blocking) electronic communications, and reading email, and the spammers are illegally exceeding their authorization to access computers. The anti-spammers are illegally preventing access to computers and networks engaged in interstate commerce. Anti-spammers illegally exceed their authority to cancel usenet messages. Spammers try to post messages faster than they can be canceled. Electronic packet wars with each side trying to out-send the other.
The FBI is aware of this. I think the FBI is reticent to get involved since there is essentially an electronic riot in progress, and they don't have the resources to arrest all the involved parties. Since no one is getting physically injured and no money is being stolen, I think they are just waiting to see what happens. Perhaps they think it will blow over. Or perhaps they just don't think it important enough to get involved in. Perhaps it's just the largest flame war in the history of the planet, and shouldn't be taken too seriously. Evidence is hard to gather and prosecute.
I suppose that some on this list are ill-disposed to accept they are breaking any laws. I doubt anyone wants to argue this on this list. So I won't. But you should note that both authors also indicate that (from Cheswick and Bellovin, page 205): "Computing and electronic communications service providers are more limited in their right to monitor user activity. Just as the phone company personnel may not, in general, listen to your calls, employees of a public electronic mail service may not read your messages, whether in transit or stored."
There will be more detailed information in our spam policy. I'm working on a spam policy which may be viewed at http://www.av8.com/spampolicy.html It includes all the laws that are being broken by all the parties. It's still a draft, but the main points are there.
I want to do my part to try to stop attacks, but I'm baffled on this one.
Here's what you can do: Get people to stop illegally blocking spam, and then get the spammers to stop illegally using relays. Once the network and online providers obey the law, you can ask the spammers to obey the law, too. It's pretty pointless to only ask one group to obey the law. It's pretty unlikely the FBI will step in to enforce the law on only one group while allowing the other group to break the law. At some point, perhaps we can take a list of violators to the FBI and ask them to restore order and enforce the laws on spammer and anti-spammer violators.
--Dean
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Plain Aviation, Inc dean@av8.com
LAN/WAN/UNIX/NT/TCPIP http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++