Gee. We operated relay services for almost 4 years with only one incident before this summer. Since the antispammers started inciting attacks, we've been attacked more than 2 dozen times since July. Coincidence? I think not. Also, there aren't very many _real spams_ in the attacks. The attacks are spamlike, but generally not spam. But the content of the messages doesn't matter. I don't care if its spam or not spam. Services rendered are worth money. We are entitled to collect the money regardless of the purpose of the relayed messages. If the money exceeds $5000, the unauthorized access becomes criminal. We complain to FBI. The "relayer" will be found. And we are still entitled to the money for the services provided. --Dean Around 10:16 PM 11/21/1999 -0700, rumor has it that Forrest W. Christian said:
On Sun, 21 Nov 1999, Kai Schlichting wrote:
THEY WILL FIND YOUR RELAYS ON THEIR OWN, AND THEY WILL ABUSE THEM, NO MATTER HOW LOUD YOU SCREAM.
In transition to a new mail server (with a new address), I installed a plug-gateway on the old server to redirect mail.
Unfortunately, plugd hides the ip address of the sender, and since I trust my netblocks, all of the ip addresses on the old server became "spam relay entry points".
It took the spammers 96 hours to find 3 of the addresses on that box and for us to be listed in orbs. I figured I would have at least had a week or two to figure out a better way.
I ended up staying up all night getting transparent proxying to work right on the new server and making it work with a cisco route-map.
- Forrest W. Christian (forrestc@imach.com) KD7EHZ ---------------------------------------------------------------------- iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com Solutions for your high-tech problems. (406)-442-6648 ----------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[ On Monday, November 22, 1999 at 14:16:25 (-0500), Dean Anderson wrote: ]
Subject: Re: ARIN whois
Gee. We operated relay services for almost 4 years with only one incident before this summer. Since the antispammers started inciting attacks, we've been attacked more than 2 dozen times since July. Coincidence? I think not.
I think so. Lots and lots of people are suddenly finding their previously un-touched open relays are now being abused. Just because they're suddenly abusing you doesn't mean beans. Join the group, but please stay in line and don't get pushy -- you're no worse of than any of the rest.
Also, there aren't very many _real spams_ in the attacks. The attacks are spamlike, but generally not spam. But the content of the messages doesn't matter. I don't care if its spam or not spam. Services rendered are worth money. We are entitled to collect the money regardless of the purpose of the relayed messages. If the money exceeds $5000, the unauthorized access becomes criminal. We complain to FBI. The "relayer" will be found. And we are still entitled to the money for the services provided.
No, you're not. No contract was entered into, obviously; and of course if you didn't protect your services so that they could only be used by authorised users then there's not much you can do to the so-called "abusers". This is especially true when there are simple and obvious technical means of providing guaranteed protection. It's like replacing the key lock on an unattended service station with a big red manual on/off switch and changing the neon sign to read "Free Gas -- Help Yourself!" They're not jimmying the lock because there isn't one! -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
participants (2)
-
Dean Anderson
-
woods@most.weird.com