|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Wake Up! (was: spamspamspam)
Jared Mauch writes: > gcc sources aren't as bloated as emacs sources. > > What you need to do is find a way to send the mimed sources to > someones text pager. Either that, or uuencoded to their pager. Then > build a compiler on the pager and put emacs on it. > > - Jared So, as a "responsible" ISP, you advocate denial of service attacks? You are either incredibly naive or intensely stupid to advocate that position. Is that how you want people to deal with you when your customers violate your AUP? I really want to hear your justification for mail bombing ... maybe you have one for SYN attacks too? Frankly, there is NO valid reason for ANYONE to retaliate in this manner. As an ISP, if you have a customer that spams someone, you get flooded with hate mail -- this mail continues long after you have wiped the abuser out of your system. But in the event someone decides to mail the source to Linux 1000 times to your server, copying abuse, root, postmaster, and support, they kill off your entire site, denying thousands of innocent users Internet access. The number of hours I have wasted over the past four years chasing down hackers and mail bombers has been a real pain. I have ZERO tolerance for this behavior. If someone mail bombs my site, I will do everything in my power to track them down and have them put in jail. Mail bombers are criminals. If you are mail bombed and have the mail logs, here is a good place to start in your efforts to prosecute the bastards: The FBI Computer Crime Squad in Washington, DC -- 202-324-9164 -- ask for Rich Ress. If the mail bombing is continuous, you can get a court order to have the FBI seize their equipment in a few hours. You may want to to to the federal prosecutor in your jurisdiction too. If you provide access to military bases, you are in an even better position to nail these folks. And be sure to file civil suit against them too. If they respond to the suit, you can get them to spend thousands of dollars in their civil defense (not to mention their criminal defense). If they don't respond, you can file liens on everything they own. I also find it useful to dispatch a press release in the home town of the hackers, identifying them and the details of the crime and its investigation. Call the TV stations in their area too -- the local news loves to report on high-tech crime. In the event the hackers are international, you can filter their IP addresses and notify their upstream providers that the filters will remain in effect until they can provide assuarance that the threat has been eliminated. As a community, we need to slam hackers as hard as we possibly can. As individual companies, we have very little to fight them outside of the means listed above. But collectively, we could black list rogue sites using IP filtering. I think that hackers would consider things twice if they knew they were about to lose connectivity to half the world because of their actions. I am interested in what the other folks think about this too. The time for complacency on this issue is over. Dave Stoddard US Net Incorporated 301-572-5926 [email protected] - - - - - - - - - - - - - - - - -
|