[CLUE-Tech] Brute force attack from host 208.188.115.21

Charles Oriez coriez at oriez.org
Sat Aug 7 07:48:10 MDT 2004


At 10:47 PM 8/6/2004 -0400, Roy J. Tellason wrote:
> > I've tried explaining to them that their approach is just as sad as the
> > "all the Indians I saw walk single file; therefore, all Indians walk
> > single file" concept. post hoc ergo propter hoc. I saw spam from this ip
> > address; therefore all users from this ip address must be spammers.
> >
> > Pretty lame.
>
>Yep.

You'd think anyone on a tech group would know that the minimum level of 
blockage possible is an IP address.

The correct statement is "I saw spam from this ip address, therefore the
ISP that owns that address must have pretty lame spam control measures in
place".  There is no way to limit the blocking to less than the IPA level
without the authentication procedures being proposed with SPF or IPv6, and
neither of those is in place yet.

However, if the ISP terminated spammers within a few minutes of getting the
complaint, there wouldn't be much blocking because there wouldn't be much
spam. Inflow for instance is hosting at least one spammer with a connection
date of July 2003. uu.net has about 200 separate areas identified as spam
sources, some dating back to 2002.



> > My evil twin would wish that there was a way to block all services for
> > those who block my emails.
>
>Isn't there?

There is. In fact, the ISPs blocking the mail WANT the pro-spam ISPs on the
other side of the divide to reciprocate.  AOL for instance is developing 
measures to block all access, not just mail access, so that if one of their 
members is a sucker who tries to visit the spammer's web page to buy 
something, they get a 403 or 404 return.  I block spammer domains with my 
httpd.conf file.  I would want spammer domains to reciprocate.  If they 
block all services from their systems to users of systems that block their 
spammers, the spammers wouldn't be motivated to steal resources, because 
access to their web pages would be unavailable.

Eventually, the Internet will be divided into two parts.  One part will be 
the part where spammers are given free rein. Everyone gets to mail
whatever they want, as much as they want, burying the servers in load to 
the point where the ISPs have to charge more to expand their 
infrastructure.  No one gets cancelled for spamming.  Everyone on that side 
of the internet would get several hundred spams a day, and with a few hours 
work might be able to find the 1 or 2 non-spam mails that got sent to them.

On the other side, no mail is accepted from the spamming side.  Spammers 
who try to sneak into our side get cancelled on the first run. We get the 
mail we want to get, and don't have to wade through the junk to find 
it.  We require less infrastructure, because the part of the infrastructure 
needed to deal with the crap isn't needed here.  If someone does spam, the 
spammer is terminated (violently would be nice) immediately. Anyone who 
fell for the spam and tried to get to the spammer side of the Internet to 
see more about it would see the 404 pages instead.

As you can see, I share the evil twin's wish.  So if you are on a pro-spam 
ISP, please add 207.174/16 and 207.44/16 to your httpd.conf file.





- --
coriez at oriez.org 39° 34' 34.4"N / 105° 00' 06.3"W
Lazlo's Chinese Relativity Axiom: "No matter how great your triumphs or how 
tragic your defeats, approximately one billion Chinese couldn't care less." 