North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Denial of Service Attacks disguised as Spam...
[The purpose of this note is to change your thinking about Spam] Enormous amounts of this so-called "spam" is nothing of the sort, it is malicious people using mail ports to conduct denial of service attacks. And the sooner we wake up to this fact the better. We need a new word for this and to publicize this new attitude. Because as soon as someone says "spam" all that comes to mind is a Sanford Wallace type pathetically trying to make a buck with annoying advertising, and people (in particular law enforcement) just won't give "annoying advertising" a moment's thought. But I assert that we're dealing with crime and criminals here who aren't selling anything. Look at the several consecutive log entries attached below ("Spamf" and "PATMATCH" mean the msg was blocked by our spam filters.) We're receiving about *30,000* of these per day, non-stop, full-blast, every few seconds, for days. The fact that not one of these is getting past our filters doesn't seem to discourage this person, not even over a period of days. The network address of the mail relay source has been hacked (notice how it changes with every msg), the address ("[email protected]") is phony and forged. This person has gone to great length to hide their identity and to make it difficult to block them at the router level. Blocking the message itself is relatively easy, but I don't think they care, just so long as they can hammer at your mail port day and night. Dec 31 14:36:29 5C:world sendmail: SpamF: <[email protected]> (relay=po1.synapse.or.jp [220.127.116.11]) PATMATCH Dec 31 14:37:09 5C:world sendmail: SpamF: <[email protected]> (relay=www.dma.be [18.104.22.168]) PATMATCH Dec 31 14:37:10 5C:world sendmail: SpamF: <[email protected]> (relay=at.atnet.it [22.214.171.124]) PATMATCH Dec 31 14:37:22 5C:world sendmail: SpamF: <[email protected]> (relay=mail.vienna.at [126.96.36.199]) PATMATCH Dec 31 14:37:23 5C:world sendmail: SpamF: <[email protected]> (relay=seus.metoc.ns.doe.ca [188.8.131.52]) PATMATCH This person is not the only source of this, others are doing the same thing. I don't believe this person is actually selling anything. Can I repeat that? I DON'T BELIEVE THIS PERSON IS ACTUALLY SELLING ANYTHING I do believe this is a malicious person who has learned that if you stick some text in a message that appears to be selling something law enforcement's mind will go blank and nothing (effective) will be done. "It's just annoying advertising, ignore it". The analogy which comes to mind is a town where door to door salesman can't be considered trespassers on your doorstep. So a group of people who want to annoy you don what appear to be door to door salesmen accouterments (eg, a suitcase full of new household brushes) and stands and bangs and bangs and bangs on your door, day and night. And you tell themm to go away. And they ignore you, they keep banging. So you call the police, and they say "he's a door to door salesman, the law allows him to bang on your door! People bang on people's doors all the time. Stop calling us, we can't do anything, ask him to leave or ignore him." We're being fooled, we're allowing criminals to operate without challenge. -- -Barry Shein Software Tool & Die | [email protected] | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*