Re: Wired mag article on spammers playing traceroute games with trojaned boxes
On Thu, 9 Oct 2003 12:55:36 -0400 (EDT), jlewis@lewis.org wrote:
Trouble is, how do you stop this?
You use the same principles that are successfully applied everywhere in society (except the Internet) to prevent the negligent from injuring the public.
<http://www.camblab.com/misc/univ_std.txt>
and (if you have a moment for some chuckles as well as some deep insights into what ails our favorite organism)
<http://www.camblab.com/nugget/spam_03.pdf>
(Brief extract: "One needs only to enforce existing contracts and management charters (e.g. ICANN's) and to apply the basic principles of civilization to the Internet. No one would fly an airline run like today's Internet. Why should we tolerate such misoperation of an ever more critical resource in modern life? Spam is not inevitable. It is the predictable consequence of management decisions to use the Environmental Polluter business model . . . .")
It's not a technical problem and there are NO technical solutions. The only one that works is what is used in every other type of human activity.
Jeffrey Race
Folks, let's move this discussion onto one of the many lists that focuses on spam:
http://www.claws-and-paws.com/spam-l/spam-l.html -- spam-l list for spam prevention and discussion
http://www.abuse.net/spamtools.html -- spam tools list for software tools that detect spam
net.admin.net-abuse.email | net.admin.net-abuse.usenet -- usenet lists
Thanks -- Susan
--On Thursday, October 09, 2003 7:54 PM -0400 Susan Harris <srh@merit.edu> wrote:
Folks, let's move this discussion onto one of the many lists that focuses on spam:
http://www.claws-and-paws.com/spam-l/spam-l.html -- spam-l list for spam prevention and discussion
http://www.abuse.net/spamtools.html -- spam tools list for software tools that detect spam
net.admin.net-abuse.email | net.admin.net-abuse.usenet -- usenet lists
I am curious as to why open proxies, compromised hosts, trojans and routing games are not considered operational issues simply because the vehicle being discussed is spam.
With all due respect, we have a *problem*. End user machines on broadband connections are being misconfigured and/or compromised in frightening numbers. These machines are being used for everything from IRC flooder to spam engines, to DNS servers to massive DDoS infrastructure. If the ability of a teenager to launch a gb/s DDoS, or of someone DoSing mailservers off the internet with a trojan that contains a spam engine is not operational, perhaps it's just me that's confused.
Two-three years ago the warnings were ignored because it was only IRC. Now it's only spam. What does it take to make the Network Operators and NANOG decide that things that are a "very bad thing" on one protocol generally can bite you later on another if you ignore it because it's only <insert your least favorite program or protocol here>?
--
Margie Arbon
Mail Abuse Prevention System, LLC
margie@mail-abuse.org
http://mail-abuse.org
Margie Arbon wrote:
I am curious as to why open proxies, compromised hosts, trojans and routing games are not considered operational issues simply because the vehicle being discussed is spam.
With all due respect, we have a *problem*. End user machines on broadband connections are being misconfigured and/or compromised in frightening numbers. These machines are being used for everything from IRC flooder to spam engines, to DNS servers to massive DDoS infrastructure. If the ability of a teenager to launch a gb/s DDoS, or of someone DoSing mailservers off the internet with a trojan that contains a spam engine is not operational, perhaps it's just me that's confused.
Two-three years ago the warnings were ignored because it was only IRC. Now it's only spam. What does it take to make the Network Operators and NANOG decide that things that are a "very bad thing" on one protocol generally can bite you later on another if you ignore it because it's only <insert your least favorite program or protocol here>?
I believe that to be one of the most succinct summaries of the issues as I have read.
On Thu, Oct 09, 2003 at 07:44:35PM -0500, Laurence F. Sheldon, Jr. wrote:
Two-three years ago the warnings were ignored because it was only IRC. Now it's only spam. What does it take to make the Network Operators and NANOG decide that things that are a "very bad thing" on one protocol generally can bite you later on another if you ignore it because it's only <insert your least favorite program or protocol here>?
I believe that to be one of the most succinct summaries of the issues as I have read.
Not only that, but it's arguable that the problem is now significantly worse. Now IRC networks are *still* under attack, AND spam is a problem. And reading from the Wired article, hard-to-trace, possibly very illegal websites are in the mix also.
What next, national security compromised because someone created a massive P2P system with all these trojaned systems, and uploaded the list of names of CIA operatives? Nice. It's not inconceivable.
Personally I'm in favour of specific port filtering, and charging a (small) premium ($10 a month?) for being able to run servers on residential broadband connections. Aunt Maggie in Florida doesn't NEED to run a server of any kind, and it would probably make my life easier trying to solve problems for her.
--
Avleen Vig
Systems Administrator
Personal: www.silverwraith.com
EFnet: irc.mindspring.com (Earthlink user access only)
Avleen Vig wrote:
Personally I'm in favour of specific port filtering, and charging a (small) premium ($10 a month?) for being able to run servers on residential broadband connections.
So you are happy to pay a $10 premium for your VoIP phone if it allows inbound calls?
Pete
Laurence F. Sheldon, Jr. wrote:
Margie Arbon wrote:
With all due respect, we have a *problem*. End user machines on broadband connections are being misconfigured and/or compromised in frightening numbers. These machines are being used for everything from IRC flooder to spam engines, to DNS servers to massive DDoS infrastructure. If the ability of a teenager to launch a gb/s DDoS, or of someone DoSing mailservers off the internet with a trojan that contains a spam engine is not operational, perhaps it's just me that's confused.
I believe that to be one of the most succinct summaries of the issues as I have read.
I concur whole-heartedly. Add on the background noise of still unpatched Code Red, Nimda, SQL Slammer, Blaster, and the scanning for open servers (ftp, smtp, proxy, squid, socks, wingate, etc) and we are talking about a considerable amount of [malicious] bandwidth waste. Adding further to that we have ridiculous quantities of ICMP spewing from Nachi/Welchia infections.
The average household broadband connections are indeed being compromised, but our "threshold of pain" seems to be exponentially growing as the background noise gets louder and louder, and unusual spikes get drowned out by P2P. It takes a major catastrophe like Slammer or Blaster to get anyone's attention anymore (above the abuse reports from IWFs (Idiots With [personal] Firewalls)).
Jeff
On Thu, 9 Oct 2003, Margie Arbon wrote:
I am curious as to why open proxies, compromised hosts, trojans and routing games are not considered operational issues simply because the vehicle being discussed is spam.
Susan did not say it wasn't an operational issue. She said there are other lists which focus on that issue.
There are many subjects of interest to operators which occasionally flare up on NANOG, but then move to other lists. BIND issues concern network operations, but a namedroppers list exists for the topic. Peering is of operational interest, but the model-peer mailing list exists for the topic. Network time synchronization is of interest to operators but then the ntp newsgroup exists for the topic. Network security is of interest to operators, but then nsp security mailing lists exists for the topic. Address hijacking is of interest to operators, but then the hijack mailing list exists for the topic.
Not every operators' forum must discuss spam. There is a reason why more than one mailing list or forum on different topics exist on the Internet.
I now return you to your meta-discussion whether the topic is on topic for a particular forum. If you believe in zero tolerance, should the forum moderator report us to our ISPs for network abuse and terminate our Internet connection for discussing something the forum moderator considers off topic?
(I dislike meta-discussion, but since it /is/ applicable to the list...)
Thus spake Sean Donelan (sean@donelan.com) [09/10/03 21:32]:
Susan did not say it wasn't an operational issue. She said there are other lists which focus on that issue.
Agreed.
There are many subjects of interest to operators which occasionally flare up on NANOG, but then move to other lists. BIND issues concern network operations, but a namedroppers list exists for the topic. Peering is of operational interest, but the model-peer mailing list exists for the topic. Network time synchronization is of interest to operators but then the ntp newsgroup exists for the topic. Network security is of interest to operators, but then nsp security mailing lists exists for the topic. Address hijacking is of interest to operators, but then the hijack mailing list exists for the topic.
So if there's a more specific list for every operational issue, should we just shift discussion off to those lists? Should NANOG exist simply as a live resource for 'What mailing list should I consult for ...'?
On Thu, Oct 09, 2003 at 05:20:10PM -0700, Margie Arbon wrote:
--On Thursday, October 09, 2003 7:54 PM -0400 Susan Harris <srh@merit.edu> wrote:
Folks, let's move this discussion onto one of the many lists that focuses on spam:
http://www.claws-and-paws.com/spam-l/spam-l.html -- spam-l list for spam prevention and discussion
http://www.abuse.net/spamtools.html -- spam tools list for software tools that detect spam
net.admin.net-abuse.email | net.admin.net-abuse.usenet -- usenet lists
I am curious as to why open proxies, compromised hosts, trojans and routing games are not considered operational issues simply because the vehicle being discussed is spam.
With all due respect, we have a *problem*. End user machines on broadband connections are being misconfigured and/or compromised in frightening numbers. These machines are being used for everything from IRC flooder to spam engines, to DNS servers to massive DDoS infrastructure. If the ability of a teenager to launch a gb/s DDoS, or of someone DoSing mailservers off the internet with a trojan that contains a spam engine is not operational, perhaps it's just me that's confused.
I think that in the case of spam, it is not some teenager, but rather adult, vicious, sociopathic criminals. They are not fooling around, folks.
--
-=[L]=-
participants (10)
- Avleen Vig
- Damian Gerow
- Dr. Jeffrey Race
- Jeff Kell
- Laurence F. Sheldon, Jr.
- Lou Katz
- Margie Arbon
- Petri Helenius
- Sean Donelan
- Susan Harris