North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: How many backbones here are filtering the makelovenotspam scr eensaver site?

  • From: Steven Champeon
  • Date: Thu Dec 02 16:10:21 2004

on Thu, Dec 02, 2004 at 12:55:02PM -0800, Chad Skidmore wrote:
quoting me:
> >What's the difference? Why is everyone so upset about Lycos and
> >nobody seems to be doing much of anything about the /existing
> >botnets/, which conservative estimates[1] already put at anywhere
> >from 1-3K per botnet to upwards of 1-5M hosts total[2]?
> 
> Well, the primary difference is that Lycos is trying to market what
> they are doing as a "good" thing in a fairly public manner. If their
> vigilante efforts become accepted as "OK" then it further opens the
> door for others to take the next step towards making dDOS attacks ok
> as long as you feel your motivations are pure. As network operators
> we all need to make sure that we enforce our AUPs and make it known
> that breaking those AUPs is not ok just because you feel your motives
> are pure. Most AUPs have some language that basically states that
> dDOS and simlar activities are "bad" and we will take action if you
> engage in said "bad" activities.

My point was to Martin's question about what would happen if - god
forbid - there were large botnets under the control of spammers; a
careful reading will suggest that my major point was, duh, that there
already are large botnets under the control of spammers.
 
> To your other point, how do you know that other botnets are not being
> identified and taken down every day by network operators? I know for
> a fact that they are, they just are not nearly as public as this one
> so those activities go largely unacknowledged.

Good point. Simply put, I can (and do) read my own mail server logs.
And I can see that many ISPs - regardless of what they may be doing in
onesy-twosy increments - simply aren't doing enough to prevent new
botnet infections from wasting my server's cycles in futile attempts
to deliver spam, outscatter, virus warnings, etc. etc. ad infinitum.

This costs me time and money, and many of the same ISPs mentioned above
are simply cost-shifting their own responsibility onto me and everyone
else, and I'm tired of it.

Not to say there aren't responsible ISPs, and I hope that anyone who
/is/ a part of the solution, rather than the fertile substrate for the
problem, is capable of recognizing that and not taking offense when I
point out there are others who could do more.

As for go180.net, you don't show up much on my radar, but on Nov 9th
we were hit by a spammer from SpokaneHotZone-63.go180.net [66.225.5.63].
I trust this is not a legitimate mail server and I can block it and any
other host that looks like it within the same domain, right? Thanks.
Otherwise, you may want to do something to distinguish it from the other
generic hosts in the same range.

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!