North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fwd: [ISN] Hackers exploit Korea to attack global systems

  • From: John R. Levine
  • Date: Fri Apr 26 23:09:44 2002
  • Newsgroups: iecc.lists.nanog

>>Some foreign servers block access attempts whose origins are traced to
>>Korea, implying that the country's leadership in the broadband
>>Internet business may be marred by its negligence in upgrading lame
>>security protection systems, the center said.

No kidding.  Some of us have gotten so tired of spam from Korea, both
stuff relayed from the west and Korean-language spam promoting Korean
web sites, combined with the complete lack of response to all abuse
reports, that we've blocked all mail from Korean networks.

As an experiment, I set up an RBLish blocking list at
korea.services.net.  It lists all the APNIC space assigned to Korea (I
think, APNIC's records are sloppy) along with any ARIN space assigned
to Korea that's come to my attention due to being spammed from it.  It
blocks a lot of spam, with very little collateral damage for me since
despite having books in print in Korean in Korea, nobody ever writes
to me from there.

I've told people they can use it informally, and it now gets about 5
hits per second, up from 3 a few weeks ago.  The blocking message
points at a web page explaining why I'm blocking mail, with an
unblocked address to write to me, so I get about one message a week
from Korean sysadms saying "I fixed my open relay, please unblock my
/32 now".  I write back and say it's not just them, their entire ISP
is blocked due to unresponsiveness.  I hope someday they'll clean up
their act enough to stop blocking them, but I'm not holding my breath.

Anyone's welcome to use it informally.  There's no SOA and no zone
transfers since it's running rbldns, not bind, but you can check
dig 3.0.0.127.korea.services.net to see how it works.


-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
[email protected], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail