RE: "Make love, not spam"....
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] Sent: Monday, November 29, 2004 9:28 AM To: nanog@merit.edu Subject: Re: "Make love, not spam"....
The BBC also has an article this morning about this:
http://news.bbc.co.uk/2/hi/technology/4051553.stm
- ferg
-- "Fergie (Paul Ferguson)" <fergdawg@netzero.net> wrote:
Techdirt has an article this morning that discusses how Lycos Europe is encouraging their users to run a screensaver that constantly "pings servers suspected to be used by spammers" and also suggests that "In other words, it's a distributed denial of service attack against spammers by Lycos."
The Techdirt article referenced is on Heise Online:
http://www.heise.de/english/newsticker/news/53697
I'd be curious to hear what NANOG readers thoughts are on this.
Techdirt is located at http://www.techdirt.com/
- ferg
It's a DDOS. The risk of collateral damage is high. I won't discuss the RBL aspect of it because it can't be legitimized past the first sentence. -M<
It's a DDOS. The risk of collateral damage is high. I won't discuss the RBL aspect of it because it can't be legitimized past the first sentence.
-M<
From what limited information is available in the articles, it doesn't sound that way. It's not really a DDoS attack, but more of a "distributed web surfing bot." The point isn't to generate a ton of false requests to overload the web servers, the point is to send a controlled amount of requests to cause the target websites to generate a lot of http traffic. One that's not meant to knock the sites off line, but just consume their bandwidth through real http use. *IF* their screen saver is written correctly, the sites should never go down, but at worst, just slow down. That's a big *IF*. I understand this as more of a Distributed Consumption of Service attack. (Is the acronym DCoS used yet?) Real requests, downloading real data, to real computers. A lot of them. The same effect could be had by having those websites being requested by the Lycos mail users by clicking on a link to their web site, except that would be more prone to cause operational problems with target sites being overloaded. Also, if the "target" web servers are set up right, they should protect themselves in all the normal ways an http server under load does. If you still think it's a DDoS, then they're only as guilty as Slashdot. The big difference between Lycos Europe, and a script kiddie with zombies is that Lycos is mature enough to use restraint and not knock down websites with brute force. They're attempting to use the politically correct "grown up" way to attack someone: economics. How is giving the spammers what they want (real web site traffic) an attack? That doesn't even qualify! Would a huge advertising effort to get users to visit every spammer web site they get, and click "reload" a few times also qualify as an attack? Remember: I'm assuming a properly written client. -Jerry
It's a DDOS. The risk of collateral damage is high. <snip>
From what limited information is available in the articles, it doesn't sound that way. It's not really a DDoS attack, but more of a "distributed web surfing bot." <snip>
I understand this as more of a Distributed Consumption of Service attack. (Is the acronym DCoS used yet?) Real requests, downloading real data, to real computers. A lot of them. T <snip>
The big difference between Lycos Europe, and a script kiddie with zombies is that Lycos is mature enough to use restraint and not knock down websites with brute force. They're attempting to use the politically correct "grown up" way to attack someone: economics.
How is giving the spammers what they want (real web site traffic) an attack? That doesn't even qualify!
How many bogus URLs are embedded into spam content? A: Lots. They are used to obscure words to get past filters, or as red herring targets or joe-jobs. A DDoS is a DDoS, no matter how "benign" one might think it is, or how "evil/deserving" the target is perceived to be. The risk of collateral damage is way too high. -- Chuck Goolsbee V.P. Technical Operations _________________________________________________________________ digital.forest Phone: +1-877-720-0483, x2001 where Internet solutions grow Int'l: +1-425-483-0483 **** celebrating ten years of service 7/12/1994 - 7/12/2004 **** 19515 North Creek Parkway Fax: +1-425-482-6871 Suite 208 http://www.forest.net Bothell, WA 98011 email: cg@forest.net
The servers targeted by the screensaver have been manually selected from various sources, including Spamcop, and verified to be spam advertising sites, Lycos claims. I'd like to know how will they "manually" choose which spammers they'll go after? Personal e-vendetta? It'll just cause the spammers to use the zombie networks more and more. It seems to me to just be an advertising gimmick, not a solution. scott
On Mon, Nov 29, 2004 at 10:54:03AM -0600, Jerry Pasker wrote:
The big difference between Lycos Europe, and a script kiddie with zombies is that Lycos is mature enough to use restraint and not knock down websites with brute force.
I have no idea whether they're mature enough. They're most certainly not knowledgeable enough, as they appear to have failed to account for: - zombie'd end-user systems (some of which will no doubt download this DoS tool) - web sites hosted on zombies (and serving requests sent to them either by rapidly-updating DNS or redirectors) - throwaway domains - hijacked ASNs among other standard spammer tricks, all of which can be used to deflect the attack or redirect it against third parties. But beyond that: this is a silly tactic. Spammers have as much [free, to them] bandwidth as they want. They're trying to drown people who "own" the ocean. ---Rsk
participants (5)
-
chuck goolsbee
-
Hannigan, Martin
-
Jerry Pasker
-
Rich Kulawiec
-
Scott Weeks