And yet again the usefulness of whois contacts is eroded. I don't know about the rest of you, but I'm beginning to indirect all my whois information through idiot filters -- indirect email addresses, alternate phone numbers. I don't even run anything large. What's going to be left to contact other network operators if whois becomes useless? Hopefully the RADB... if everyone were in it. At least this program below doesn't use prtraceroute to find upstream providers, yet. Dean ------- start of forwarded message ------- Date: Wed, 6 Nov 1996 23:54:50 GMT From: steveha@net-services.compulink.co.uk (Steve Harris) Get lots of e-mail offering you get-rich-quick schemes? Want to hit back? "Spam Hater" is free Windows software that helps you respond effectively and makes it hot for these people. * Analyses the Spam * Extracts a list of addresses of relevant Postmasters, etc. * Generates a "WHOIS" query to help track the perpetrator * Prepares a reply * Choice of legal threats, insults or your own message * Appends a copy of the Spam if required * Puts it in a mail window ready for sending Spam Hater works with lots of popular e-mail programs directly - there's no tedious cutting and pasting. Supported E-Mail Programs Ameol, AOL 2.5I, Eudora Light 1.5.2, 1.5.4, Eudora Pro 2.2, Free Agent 0.99, Microsoft Internet Explorer 3.0 (4.70.1155), Netscape 1.2N, 2.02 3.0 Pegasus Mail V2.4X, Virtual Access V3.51. Download from http://www.compulink.co.uk/~net-services/spam/ ------- end of forwarded message -------
My question is, will it allow you to mail multiple copies of the GCC source? <grin> -Bryan On Sat, 9 Nov 1996, Dean Gaudet wrote:
And yet again the usefulness of whois contacts is eroded. I don't know about the rest of you, but I'm beginning to indirect all my whois information through idiot filters -- indirect email addresses, alternate phone numbers. I don't even run anything large.
What's going to be left to contact other network operators if whois becomes useless? Hopefully the RADB... if everyone were in it.
At least this program below doesn't use prtraceroute to find upstream providers, yet.
Dean
------- start of forwarded message ------- Date: Wed, 6 Nov 1996 23:54:50 GMT From: steveha@net-services.compulink.co.uk (Steve Harris)
Get lots of e-mail offering you get-rich-quick schemes? Want to hit back? "Spam Hater" is free Windows software that helps you respond effectively and makes it hot for these people.
* Analyses the Spam * Extracts a list of addresses of relevant Postmasters, etc. * Generates a "WHOIS" query to help track the perpetrator * Prepares a reply * Choice of legal threats, insults or your own message * Appends a copy of the Spam if required * Puts it in a mail window ready for sending
Spam Hater works with lots of popular e-mail programs directly - there's no tedious cutting and pasting.
Supported E-Mail Programs
Ameol, AOL 2.5I, Eudora Light 1.5.2, 1.5.4, Eudora Pro 2.2, Free Agent 0.99, Microsoft Internet Explorer 3.0 (4.70.1155), Netscape 1.2N, 2.02 3.0 Pegasus Mail V2.4X, Virtual Access V3.51.
Download from http://www.compulink.co.uk/~net-services/spam/
------- end of forwarded message -------
gcc sources aren't as bloated as emacs sources. What you need to do is find a way to send the mimed sources to someones text pager. Either that, or uuencoded to their pager. Then build a compiler on the pager and put emacs on it. - Jared Bryan Koen graced my mailbox with this long sought knowledge:
My question is, will it allow you to mail multiple copies of the GCC source?
<grin>
-Bryan
On Sat, 9 Nov 1996, Dean Gaudet wrote:
And yet again the usefulness of whois contacts is eroded. I don't know about the rest of you, but I'm beginning to indirect all my whois information through idiot filters -- indirect email addresses, alternate phone numbers. I don't even run anything large.
What's going to be left to contact other network operators if whois becomes useless? Hopefully the RADB... if everyone were in it.
At least this program below doesn't use prtraceroute to find upstream providers, yet.
Dean
------- start of forwarded message ------- Date: Wed, 6 Nov 1996 23:54:50 GMT From: steveha@net-services.compulink.co.uk (Steve Harris)
Get lots of e-mail offering you get-rich-quick schemes? Want to hit back? "Spam Hater" is free Windows software that helps you respond effectively and makes it hot for these people.
* Analyses the Spam * Extracts a list of addresses of relevant Postmasters, etc. * Generates a "WHOIS" query to help track the perpetrator * Prepares a reply * Choice of legal threats, insults or your own message * Appends a copy of the Spam if required * Puts it in a mail window ready for sending
Spam Hater works with lots of popular e-mail programs directly - there's no tedious cutting and pasting.
Supported E-Mail Programs
Ameol, AOL 2.5I, Eudora Light 1.5.2, 1.5.4, Eudora Pro 2.2, Free Agent 0.99, Microsoft Internet Explorer 3.0 (4.70.1155), Netscape 1.2N, 2.02 3.0 Pegasus Mail V2.4X, Virtual Access V3.51.
Download from http://www.compulink.co.uk/~net-services/spam/
------- end of forwarded message -------
Jared Mauch writes:
gcc sources aren't as bloated as emacs sources.
What you need to do is find a way to send the mimed sources to someones text pager. Either that, or uuencoded to their pager. Then build a compiler on the pager and put emacs on it.
- Jared
So, as a "responsible" ISP, you advocate denial of service attacks? You are either incredibly naive or intensely stupid to advocate that position. Is that how you want people to deal with you when your customers violate your AUP? I really want to hear your justification for mail bombing ... maybe you have one for SYN attacks too? Frankly, there is NO valid reason for ANYONE to retaliate in this manner. As an ISP, if you have a customer that spams someone, you get flooded with hate mail -- this mail continues long after you have wiped the abuser out of your system. But in the event someone decides to mail the source to Linux 1000 times to your server, copying abuse, root, postmaster, and support, they kill off your entire site, denying thousands of innocent users Internet access. The number of hours I have wasted over the past four years chasing down hackers and mail bombers has been a real pain. I have ZERO tolerance for this behavior. If someone mail bombs my site, I will do everything in my power to track them down and have them put in jail. Mail bombers are criminals. If you are mail bombed and have the mail logs, here is a good place to start in your efforts to prosecute the bastards: The FBI Computer Crime Squad in Washington, DC -- 202-324-9164 -- ask for Rich Ress. If the mail bombing is continuous, you can get a court order to have the FBI seize their equipment in a few hours. You may want to to to the federal prosecutor in your jurisdiction too. If you provide access to military bases, you are in an even better position to nail these folks. And be sure to file civil suit against them too. If they respond to the suit, you can get them to spend thousands of dollars in their civil defense (not to mention their criminal defense). If they don't respond, you can file liens on everything they own. I also find it useful to dispatch a press release in the home town of the hackers, identifying them and the details of the crime and its investigation. Call the TV stations in their area too -- the local news loves to report on high-tech crime. In the event the hackers are international, you can filter their IP addresses and notify their upstream providers that the filters will remain in effect until they can provide assuarance that the threat has been eliminated. As a community, we need to slam hackers as hard as we possibly can. As individual companies, we have very little to fight them outside of the means listed above. But collectively, we could black list rogue sites using IP filtering. I think that hackers would consider things twice if they knew they were about to lose connectivity to half the world because of their actions. I am interested in what the other folks think about this too. The time for complacency on this issue is over. Dave Stoddard US Net Incorporated 301-572-5926 dgs@us.net
I don't advocate or tolorate this either. It was meant as a joke. We now return you to the non-flaming, nanog list... :-) - Jared David Stoddard graced my mailbox with this long sought knowledge:
Jared Mauch writes:
gcc sources aren't as bloated as emacs sources.
What you need to do is find a way to send the mimed sources to someones text pager. Either that, or uuencoded to their pager. Then build a compiler on the pager and put emacs on it.
- Jared
So, as a "responsible" ISP, you advocate denial of service attacks? You are either incredibly naive or intensely stupid to advocate that position. Is that how you want people to deal with you when your customers violate your AUP? I really want to hear your justification for mail bombing ... maybe you have one for SYN attacks too?
Frankly, there is NO valid reason for ANYONE to retaliate in this manner. As an ISP, if you have a customer that spams someone, you get flooded with hate mail -- this mail continues long after you have wiped the abuser out of your system. But in the event someone decides to mail the source to Linux 1000 times to your server, copying abuse, root, postmaster, and support, they kill off your entire site, denying thousands of innocent users Internet access. The number of hours I have wasted over the past four years chasing down hackers and mail bombers has been a real pain. I have ZERO tolerance for this behavior.
If someone mail bombs my site, I will do everything in my power to track them down and have them put in jail. Mail bombers are criminals. If you are mail bombed and have the mail logs, here is a good place to start in your efforts to prosecute the bastards: The FBI Computer Crime Squad in Washington, DC -- 202-324-9164 -- ask for Rich Ress. If the mail bombing is continuous, you can get a court order to have the FBI seize their equipment in a few hours. You may want to to to the federal prosecutor in your jurisdiction too.
If you provide access to military bases, you are in an even better position to nail these folks. And be sure to file civil suit against them too. If they respond to the suit, you can get them to spend thousands of dollars in their civil defense (not to mention their criminal defense). If they don't respond, you can file liens on everything they own. I also find it useful to dispatch a press release in the home town of the hackers, identifying them and the details of the crime and its investigation. Call the TV stations in their area too -- the local news loves to report on high-tech crime.
In the event the hackers are international, you can filter their IP addresses and notify their upstream providers that the filters will remain in effect until they can provide assuarance that the threat has been eliminated.
As a community, we need to slam hackers as hard as we possibly can. As individual companies, we have very little to fight them outside of the means listed above. But collectively, we could black list rogue sites using IP filtering. I think that hackers would consider things twice if they knew they were about to lose connectivity to half the world because of their actions. I am interested in what the other folks think about this too. The time for complacency on this issue is over.
Dave Stoddard US Net Incorporated 301-572-5926 dgs@us.net
So, as a "responsible" ISP, you advocate denial of service attacks? You are either incredibly naive or intensely stupid to advocate that position. Is that how you want people to deal with you when .. ... .. .. have wiped the abuser out of your system. But in the event someone decides to mail the source to Linux 1000 times to your server, copying abuse, root, postmaster, and support, they kill off your entire site, denying thousands of innocent users Internet access. The number of hours I have wasted over the past four years chasing down hackers and mail bombers has been a real pain. I have ZERO tolerance for this behavior.
If your systems are so badly configured that a mail bomb attack denies your users access, then you don't qualify as a "responsible ISP" yourself. In fact, you qualify under both "naive" and "intensely stupid". I don't agree with mailbombing, but it sounds like you are ripping your clients off, since you obviously don't know to configure a system.
Joe Rhett writes:
If your systems are so badly configured that a mail bomb attack denies your users access, then you don't qualify as a "responsible ISP" yourself. In fact, you qualify under both "naive" and "intensely stupid".
Wow, thanks for clarifying that for me! And I had always thought the mail bombs were the problem ... If you think you can set the Ob class in sendmail.cf to block large amounts of incoming mail, you are wrong -- sendmail is stupid enough to eat the entire thing before applying the size rule, which bounces it to postmaster, leaving it on your server. This is just what a mail bomber wants it to do. You can use something other than sendmail, but you give up a huge amount of flexibility to a small amount of additional security. Sure, you can install filters in your routers to block access, but you need to know you are under attack before you can take action. If the attack comes at 2:00 am and you are asleep at the switch, your /var partition will fill up before you will know what happened. Most folks don't put quotas on root or support, so if the flood comes to those accounts, you are screwed. It won't bring your server down, but it will make your customers unhappy while mail is blocked and disk space is exausted. Once you know you have a problem, you can check your mail log, look for the source, and filter it. If the source is aol.com, you have a bigger problem on your hands because 1) they don't have a NOC you can talk to [you can sit on hold waiting for a tech support person], and 2) all other mail to/from AOL will be blocked at the same time [which WILL make your customers unhappy]. Not to mention the fact that AOL uses several mail servers, and you will need to filter all of them to get the attack to stop. The same goes for most of the national Internet providers. Just so you are in the loop, we use a network tool called NOCOL that monitors all of our systems and ports. One of our NOCOL monitors evaluates disk space on each system (I wrote it) -- we placed the disk monitor in the public domain and made it available on our system at ftp://ftp.us.net/pub/unix/monitors/nocol-usnet/diskmon. We also have code for a simple system to drive numeric pagers from a BSDI server running NOCOL (you can get it from the same directory). As a result, they never fill our /var partition on either of our mail servers before the monitor alerts us (and we have a 50 MB cusion on each server after the monitor is triggered). We also have written procedures for our 22 employees to follow in the event of an attack, and we have had the opportunity to place those procedures in action more than once, so we know they work. Of course, you won't need our software -- it's only for the other naive and intensely stupid ISP's out there that think mail bombing is a bad idea ... ;->
I don't agree with mailbombing, but it sounds like you are ripping your clients off, since you obviously don't know to configure a system.
If you don't agree with mail bombing, then why did you suggest it as a solution to mail spam on this list? And if your suggestion is supposed to be a "joke", why do you feel that ISPs that don't like dealing with mail bombing are naive and intensely stupid? And how do you make the leap that everyone that disagrees with your opinions is ripping their clients off and does not know how to configure a system? Hello? Joe Rhett, you are out of line and I think you owe everyone on this list a big apology. Responding to mail spam with mail bombing is a bad idea Joe, and any way you try to spin it, it is still a bad idea. Dave Stoddard US Net Incorporated dgs@us.net
participants (5)
-
Bryan Koen
-
David Stoddard
-
dgaudet@plebe.com
-
Jared Mauch
-
Joe Rhett