|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: IP spoofing and spamming
On Wed, Oct 29, 1997 at 03:42:15AM +0200, Hank Nussbacher wrote: > At 07:34 PM 10/28/97 -0600, Karl Denninger wrote: > > >The Internet works because people don't abuse other's resources. If people > >abuse my resources, I stop allowing the abuse. If they threaten to sue, I > >laugh and tell them to go right ahead. We write our contracts so that we > >can shut off people who spam, even on the first offense. > > I would be interested in seeing a copy of that contract. When suits > (lawyers) get involved, how do you show that a violation has happened? > Remember, no complaint has come to you and you would have had to sniff his > line and open his smtp pkts to see he was spamming which would invoke a > countersuit. > > -Hank Nope. We reserve the right to do exactly that. Further, the logs which come from the offended parties are certainly useful. You can't spoof the source address of an SMTP connection to sendmail if you expect *replies* and the ability to know if anything's working (if you're not spamblocked already). You can route it funny, but that's not the point. Sooner or later I'll get wind of it. Someone will track the source of the packets back to us (remember, people thought smurfing was untraceable - they were wrong) and then I'll get a call. At that point I have cause to investigate. When I do, you're busted. Something as simple as turning on IP accounting (a normal system monitoring thing) on the suspect interface will flag the "funny" source addresses, and at that point I have cause to look into it further - including taking a dump of the packets involved. The ECPA *ALWAYS* permits this kind of investigation, even absent explicit language in the contract (which we have as well). We *always* reserve the right to monitor for performance, and further, we have the right to look into alleged violations of our agreement or the law. Its part of our job. If you're violating the contract, and we can prove it, you're screwed. If you sue in the US under such circumstances you're asking to be slapped with sanctions and/or a countersuit yourself. By the time you "catch" us in that kind of situation we've got more than enough evidence compiled and the game's up. My answer to people who want to sue us under such circumstances is "Here's our counsel's name and number; serve us there please." as I laugh while hanging up the phone. Acting surruptitiously (ie: your example) to avoid detection just makes the original act look even worse when it comes time to go in front of a judge. Someone who tries that is likely to end up with their assets in our computer room instead of theirs. We just don't worry about situations like that. Log it, prove it, send notice, shut down the line and move on. -- -- Karl Denninger ([email protected])| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | NEW! K56Flex modem support is now available Voice: [+1 312 803-MCS1 x219]| 56kbps DIGITAL ISDN DOV on analog lines! Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
|