[CLUE-Tech] Brute force attack from host 208.188.115.21
Charles Oriez
coriez at oriez.org
Sat Aug 7 07:48:10 MDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 10:47 PM 8/6/2004 -0400, Roy J. Tellason wrote:
> > I've tried explaining to them that their approach is just as sad as the
> > "all the Indians I saw walk single file; therefore, all Indians walk
> > single file" concept. post hoc ergo propter hoc. I saw spam from this ip
> > address; therefore all users from this ip address must be spammers.
> >
> > Pretty lame.
>
>Yep.
You'd think anyone on a tech group would know that the minimum level of
blockage possible is an IP address.

The correct statement is "I saw spam from this IP address, therefore the
ISP that owns that address must have pretty lame spam control measures in
place". There is no way to limit the blocking to less than the IPA level
without the authentication procedures being proposed with SPF or IPv6, and
neither of those is in place yet.

However, if the ISP terminated spammers within a few minutes of getting the
complaint, there wouldn't be much blocking because there wouldn't be much
spam. Inflow for instance is hosting at least one spammer with a connection
date of July 2003. uu.net has about 200 separate areas identified as spam
sources, some dating back to 2002.
> > My evil twin would wish that there was a way to block all services for
> > those who block my emails.
>
>Isn't there?
There is. In fact, the ISPs blocking the mail WANT the pro-spam ISPs on the
other side of the divide to reciprocate. AOL for instance is developing
measures to block all access, not just mail access, so that if one of their
members is a sucker who tries to visit the spammer's web page to buy
something, they get a 403 or 404 return. I block spammer domains with my
httpd.conf file. I would want spammer domains to reciprocate. If they
block all services from their systems to users of systems that block their
spammers, the spammers wouldn't be motivated to steal resources, because
access to their web pages would be unavailable.

Eventually, the Internet will be divided into two parts. One part will be
the part where spammers are given free rein. Everyone gets to mail
whatever they want, as much as they want, burying the servers in load to
the point where the ISPs have to charge more to expand their
infrastructure. No one gets cancelled for spamming. Everyone on that side
of the Internet would get several hundred spams a day, and with a few hours
work might be able to find the 1 or 2 non-spam mails that got sent to them.

On the other side, no mail is accepted from the spamming side. Spammers
who try to sneak into our side get cancelled on the first run. We get the
mail we want to get, and don't have to wade through the junk to find
it. We require less infrastructure, because the part of the infrastructure
needed to deal with the crap isn't needed here. If someone does spam, the
spammer is terminated (violently would be nice) immediately. Anyone who
fell for the spam and tried to get to the spammer side of the Internet to
see more about it would see the 404 pages instead.

As you can see, I share the evil twin's wish. So if you are on a pro-spam
ISP, please add 207.174/16 and 207.44/16 to your httpd.conf file.
- --
coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
Lazlo's Chinese Relativity Axiom: "No matter how great your triumphs or how
tragic your defeats, approximately one billion Chinese couldn't care less."
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: created 6/26/04 expire 6/25/05 stored MIT & PGP.COM
iQA/AwUBQRTdmbiLNnC0cMkdEQLJxQCfY/PstlMUbYaOQvWPJjWr0GzgIHgAnRts
27JH1bBIF2cegD/v3XB99sVh
=ayHK
-----END PGP SIGNATURE-----