Re: Make love, not spam....
The point behind the initiative is not to attack the email senders, but the source of money. If the spam websites are never up, then the recipients cannot buy products advertised. Without the sales, there are not finances to support the spamming. If spammers can't make money sending email, then they will find something else profitable to do . . . . like phishing :-) On Mon, 29 Nov 2004 10:52:22 -0500, Rich Kulawiec [EMAIL PROTECTED] wrote: On Mon, Nov 29, 2004 at 02:14:01PM +, Fergie (Paul Ferguson) wrote: Techdirt has an article this morning that discusses how Lycos Europe is encouraging their users to run a screensaver that constantly pings servers suspected to be used by spammers and also suggests that In other words, it's a distributed denial of service attack against spammers by Lycos. Already noted as unbelievably stupid and dissected on Spam-L, but: getting into a bandwidth contest with spammers is a guaranteed loss, as they have an [essentially] infinite amount available to them for free. Apparently Lycos is unaware of zombies (including those hosting web sites), HTTP redirectors, rapidly-updating DNS, throwaway domains, and other facts of life in the spam sewer. ---Rsk
Re: Make love, not spam....
Fergie (Paul Ferguson) wrote: I'd be curious to hear what NANOG readers thoughts are on this. It would be interesting to see how this fares when faced with a whole lot of router acls that got put in to filter out nachi srs
Re: Make love, not spam....
At 09:39 AM 29/11/2004, Suresh Ramasubramanian wrote: Fergie (Paul Ferguson) wrote: I'd be curious to hear what NANOG readers thoughts are on this. It would be interesting to see how this fares when faced with a whole lot of router acls that got put in to filter out nachi Although I generally like spamcop (one of the sources for determining spamvertised websites) for use with SpamAssassin in scoring, its not the most conservative list e.g. http://www.spamcop.net/w3m?action=blcheckip=198.108.1.41 list Merit as a spam source...) and the accidental listing or potential for abuse could be nasty. What about the case where the spammer gets black listed, traffic starts pounding the rouge site and then the spammer changes the A record to be www.example.com instead. Now all of a sudden www.example.com is being pounded by all those screen savers. ---Mike
FW: Make love, not spam....
Scratch that... Yes, the A record. You are right. I need coffee or something... :-) -Original Message- From: Miller, Mark Sent: Monday, November 29, 2004 9:27 AM To: [EMAIL PROTECTED] Subject: RE: Make love, not spam Not the A, the PTR... But yes, that could be a nasty retaliation by spammers with control of their DNS. I would hope, however, that the screen saver's target would be an IP address instead of a FQ mnemonic hostname. From the article, I understand that Lycos will be manually watching the list of targets and pushing updates to the users. Although I have traditionally been in favor of low bandwidth fixes, this kind of appeals to my sense of poetic justice. -mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Tancsa Sent: Monday, November 29, 2004 9:12 AM To: Suresh Ramasubramanian Cc: [EMAIL PROTECTED] Subject: Re: Make love, not spam ... What about the case where the spammer gets black listed, traffic starts pounding the rouge site and then the spammer changes the A record to be www.example.com instead. Now all of a sudden www.example.com is being pounded by all those screen savers. ---Mike
RE: Make love, not spam....
Not the A, the PTR... But yes, that could be a nasty retaliation by spammers with control of their DNS. I would hope, however, that the screen saver's target would be an IP address instead of a FQ mnemonic hostname. From the article, I understand that Lycos will be manually watching the list of targets and pushing updates to the users. Although I have traditionally been in favor of low bandwidth fixes, this kind of appeals to my sense of poetic justice. -mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Tancsa Sent: Monday, November 29, 2004 9:12 AM To: Suresh Ramasubramanian Cc: [EMAIL PROTECTED] Subject: Re: Make love, not spam ... What about the case where the spammer gets black listed, traffic starts pounding the rouge site and then the spammer changes the A record to be www.example.com instead. Now all of a sudden www.example.com is being pounded by all those screen savers. ---Mike
RE: Make love, not spam....
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 29, 2004 9:28 AM To: [EMAIL PROTECTED] Subject: Re: Make love, not spam The BBC also has an article this morning about this: http://news.bbc.co.uk/2/hi/technology/4051553.stm - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Techdirt has an article this morning that discusses how Lycos Europe is encouraging their users to run a screensaver that constantly pings servers suspected to be used by spammers and also suggests that In other words, it's a distributed denial of service attack against spammers by Lycos. The Techdirt article referenced is on Heise Online: http://www.heise.de/english/newsticker/news/53697 I'd be curious to hear what NANOG readers thoughts are on this. Techdirt is located at http://www.techdirt.com/ - ferg It's a DDOS. The risk of collateral damage is high. I won't discuss the RBL aspect of it because it can't be legitimized past the first sentence. -M
Re: Make love, not spam....
On Mon, Nov 29, 2004 at 02:14:01PM +, Fergie (Paul Ferguson) wrote: Techdirt has an article this morning that discusses how Lycos Europe is encouraging their users to run a screensaver that constantly pings servers suspected to be used by spammers and also suggests that In other words, it's a distributed denial of service attack against spammers by Lycos. Already noted as unbelievably stupid and dissected on Spam-L, but: getting into a bandwidth contest with spammers is a guaranteed loss, as they have an [essentially] infinite amount available to them for free. Apparently Lycos is unaware of zombies (including those hosting web sites), HTTP redirectors, rapidly-updating DNS, throwaway domains, and other facts of life in the spam sewer. ---Rsk
Re: Make love, not spam....
Rich Kulawiec [EMAIL PROTECTED] wrote: Already noted as unbelievably stupid and dissected on Spam-L, I'm inclined to agree... but: getting into a bandwidth contest with spammers is a guaranteed loss, as they have an [essentially] infinite amount available to them for free. Apparently Lycos is unaware of zombies (including those hosting web sites), HTTP redirectors, rapidly-updating DNS, throwaway domains, and other facts of life in the spam sewer. ... but this screensaver means that Lycos *also* have a botnet available to them. -- The advice given me about Maglites is to hold it out sideways from yourself but at shoulder height, this makes the opponent think you are standing 3 foot to one side of reality. - Rob Adams in the Monastery
Re: Make love, not spam....
In message [EMAIL PROTECTED], Peter Corlett writes: Rich Kulawiec [EMAIL PROTECTED] wrote: Already noted as unbelievably stupid and dissected on Spam-L, I'm inclined to agree... but: getting into a bandwidth contest with spammers is a guaranteed loss, as they have an [essentially] infinite amount available to them for free. Apparently Lycos is unaware of zombies (including those hosting web sites), HTTP redirectors, rapidly-updating DNS, throwaway domains, and other facts of life in the spam sewer. ... but this screensaver means that Lycos *also* have a botnet available to them. Yah -- imagine what happens if Lycos' control machine gets hacked... --Steve Bellovin, http://www.research.att.com/~smb
RE: Make love, not spam....
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 29, 2004 11:00 AM To: [EMAIL PROTECTED] Subject: Re: Make love, not spam Rich Kulawiec [EMAIL PROTECTED] wrote: Already noted as unbelievably stupid and dissected on Spam-L, I'm inclined to agree... but: getting into a bandwidth contest with spammers is a guaranteed loss, as they have an [essentially] infinite amount available to them for free. Apparently Lycos is unaware of zombies (including those hosting web sites), HTTP redirectors, rapidly-updating DNS, throwaway domains, and other facts of life in the spam sewer. ... but this screensaver means that Lycos *also* have a botnet available to them. That means they are subject to the same sanctions as a botnet. This isn't a new issue to the operator community. We have a consistent opinion of this type of actvity going as far back as Green Card Lawyers and Sanford Wallace/Cyberpromo. The risks are too high for this to be anything but a publicity stunt. I can't read any German other than bier. Is the utility up there? I'd love to take a look at it. -M
RE: Make love, not spam....
It's a DDOS. The risk of collateral damage is high. I won't discuss the RBL aspect of it because it can't be legitimized past the first sentence. -M From what limited information is available in the articles, it doesn't sound that way. It's not really a DDoS attack, but more of a distributed web surfing bot. The point isn't to generate a ton of false requests to overload the web servers, the point is to send a controlled amount of requests to cause the target websites to generate a lot of http traffic. One that's not meant to knock the sites off line, but just consume their bandwidth through real http use. *IF* their screen saver is written correctly, the sites should never go down, but at worst, just slow down. That's a big *IF*. I understand this as more of a Distributed Consumption of Service attack. (Is the acronym DCoS used yet?) Real requests, downloading real data, to real computers. A lot of them. The same effect could be had by having those websites being requested by the Lycos mail users by clicking on a link to their web site, except that would be more prone to cause operational problems with target sites being overloaded. Also, if the target web servers are set up right, they should protect themselves in all the normal ways an http server under load does. If you still think it's a DDoS, then they're only as guilty as Slashdot. The big difference between Lycos Europe, and a script kiddie with zombies is that Lycos is mature enough to use restraint and not knock down websites with brute force. They're attempting to use the politically correct grown up way to attack someone: economics. How is giving the spammers what they want (real web site traffic) an attack? That doesn't even qualify! Would a huge advertising effort to get users to visit every spammer web site they get, and click reload a few times also qualify as an attack? Remember: I'm assuming a properly written client. -Jerry
RE: Make love, not spam....
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 29, 2004 11:54 AM To: [EMAIL PROTECTED] Subject: RE: Make love, not spam [ SNIP ] The big difference between Lycos Europe, and a script kiddie with zombies is that Lycos is mature enough to use restraint and not knock down websites with brute force. They're attempting to use the politically correct grown up way to attack someone: economics. I didn't know there was a politically correct way to create a BotMonster and rule the Internet by emminent domain. -M
Re: Make love, not spam....
For residential users on cable-modem, the plan will deplete a scarce resource: upstream transmit opportunities. The DOCSIS MAC layer imposes an upper limit on the quantity of upstream transmissions (essentially PPS limitation, unless concatenation is employed, and concatenation is probably moot if standard ping with 1-second minimum transmit intervals is the upstream payload). If the load actually causes a problem in upstream operation, then folks using TCP for downstream service (e.g. surfing) will see their throughput cut. Regardless, the cable companies will probably try to disable this service, so they can avoid the financial impact of improving their infrastructure. They need to conserve the money in order to launch new unsolicited bids for Disney... At 09:14 AM 11/29/2004, you wrote: Techdirt has an article this morning that discusses how Lycos Europe is encouraging their users to run a screensaver that constantly pings servers suspected to be used by spammers and also suggests that In other words, it's a distributed denial of service attack against spammers by Lycos. The Techdirt article referenced is on Heise Online: http://www.heise.de/english/newsticker/news/53697 I'd be curious to hear what NANOG readers thoughts are on this. Techdirt is located at http://www.techdirt.com/ - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED]
RE: Make love, not spam....
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 29, 2004 12:45 PM To: [EMAIL PROTECTED] Subject: RE: Make love, not spam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 29, 2004 11:54 AM To: [EMAIL PROTECTED] Subject: RE: Make love, not spam [ SNIP ] The big difference between Lycos Europe, and a script kiddie with zombies is that Lycos is mature enough to use restraint and not knock down websites with brute force. They're attempting to use the politically correct grown up way to attack someone: economics. I didn't know there was a politically correct way to create a BotMonster and rule the Internet by emminent domain. -M Yeah, that's exactly what they're doing! It's a plot to TAKE OVER THE WORLD. You figured it out! It's about giving the spammers what they want: More traffic to their websites. How can it be wrong when they send out 1 million emails that all say click on this link and 1 million computers actually click the link? Who's in the wrong there? Besides: rule the Internet by emminent domain. Isn't' that Verisign's job? For all who are interested, the controller appears to live at 230.136.241.83 Interesting. I started it up and it immediately attacked Yahoo/Akamai: premium3.geo.yahoo.akadns.net Then it went and attacked a slew of other sites and had nothing but errors coming back. It also appears to attack sequentially from the top each time the dll loads. They've miscalculated the speed at which spammers relocate. RBL's aren't realtime. Spammers are near real time. makeLOVEnotSPAM(bhGBX5Und`p\|kr3D4=RfF#o:4F'^!?)TC:[EMAIL PROTECTED])hmtw!g;E6=uaKe .a*iNb/makeLOVEnotSPAM /D4=RfF#o:4F'^!?)TC:[EMAIL PROTECTED])hmtw!g;E6=uaKe.a*iNb/makeLOVEnotSPAM/makeLOV EnotSPAM.!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE403 Forbidden/TITLE /HEADBODY H1Forbidden/H1 You don't have permission to access / on this server.P /BODY/HTML makeLOVEnotSPAM@1w0tu|aG/)*kzM*Lquot;8xbj{GNy/ZZA\5zg('PIM`6MD$+VTa8fh M3lQvAWZ}iv/makeLOVEnotSPAM /y/ZZA\5zg('PIM`6MD$+VTa8fhM3lQvAWZ}iv/makeLOVEnotSPAM/makeLOVEnotSPAM .!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE501 Method Not Implemented/TITLE /HEADBODY H1Method Not Implemented/H1 lt;makeLOVEnotSPAMgt;@1w0tu|aG/)*kzM*Lamp;quot;8xbj{GNlt;y/ZZA\5zg('PIM` 6MD$+Vamp;Ta8fhM3lQvAWZ}ivlt;/makeLOVEnotSPAMgt; to / not supported.P Invalid method in request lt;makeLOVEnotSPAMgt;@1w0tu|aG/)*kzM*Lamp;quot;8xbj{GNlt;y/ZZA\\5zg('PIM `6MD$+Vamp;Ta8f\hM3lQvAWZ}ivlt;/makeLOVEnotSPAMgt;P /BODY/HTML -Jerry
RE: Make love, not spam....
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Hannigan, Martin Sent: Monday, November 29, 2004 1:16 PM To: [EMAIL PROTECTED] Subject: RE: Make love, not spam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 29, 2004 12:45 PM To: [EMAIL PROTECTED] Subject: RE: Make love, not spam -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 29, 2004 11:54 AM To: [EMAIL PROTECTED] Subject: RE: Make love, not spam [ SNIP ] The big difference between Lycos Europe, and a script kiddie with zombies is that Lycos is mature enough to use restraint and not knock down websites with brute force. They're attempting to use the politically correct grown up way to attack someone: economics. I didn't know there was a politically correct way to create a BotMonster and rule the Internet by emminent domain. -M Yeah, that's exactly what they're doing! It's a plot to TAKE OVER THE WORLD. You figured it out! It's about giving the spammers what they want: More traffic to their websites. How can it be wrong when they send out 1 million emails that all say click on this link and 1 million computers actually click the link? Who's in the wrong there? Besides: rule the Internet by emminent domain. Isn't' that Verisign's job? For all who are interested, the controller appears to live at 230.136.241.83 That would be the in-addr folks. 83.241.136.230 -M
Re: Make love, not spam....
- Original Message - From: Miller, Mark [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 29, 2004 10:27 AM Subject: RE: Make love, not spam Although I have traditionally been in favor of low bandwidth fixes, this kind of appeals to my sense of poetic justice. spammer buys hosting account, pays with fraudulent credit card, spams, provider gets ddos'ed and ends up paying for all the bandwidth because you can't well charge some unsuspecting grandma in alabama for it. i don't like this kind of justice. -p --- paul galynin
Re: Make love, not spam....
I agree and I'm surprised you even mentioned the wordt justice...since when is retaliating bad practices with more bad practises that are hardly likely to take out the real target considered a good idea..? Erik Paul G wrote: spammer buys hosting account, pays with fraudulent credit card, spams,provider gets ddos'ed and ends up paying for all the bandwidth because youcan't well charge some unsuspecting grandma in alabama for it. i don't likethis kind of justice. --- paul galynin
Re: Make love, not spam....
- Original Message - From: Erik Haagsman [EMAIL PROTECTED] To: Paul G [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, November 29, 2004 4:30 PM Subject: Re: Make love, not spam I agree and I'm surprised you even mentioned the wordt justice...since when is retaliating bad practices with more bad practises that are hardly likely to take out the real target considered a good idea..? 'justice' was mentioned in the message i quoted. it appears i was not remiss - i got an email from a guy running a small town isp telling me, essentially, that: 1. if i get hit with cc fraud, it is my own darn fault for not asking every single $9.99/mo customer to fax me their retina scan. 2. incurring a humongous bandwidth bill instead of being out said $9.99 is adequate punishment for my 'stupidity' 3. he likes the kind of justice where a provider gets harmed instead of the abusive customer, because Good ISPs Recognize Bad Guys On Sight. i've got news for you: 1. when you run a sufficiently large operation, credit card fraud is approached as a risk mitigation excercise - you find a golden middle in terms of verification which is cost-effective, ie reduces the incidence of fraud to an acceptable level while not costing an arm and a leg in terms of labour costs and encumbrance to the very large majority of legitimate customers placing an order. the problem with getting ddosed is that this cost-effectiveness calculation goes out the window because your risk is no longer a measure of the price a customer is paying for the service, but rather a measure of how much traffic lycos' botnet can direct at you. for you, it may be bounded by the single t1 termed in your basement, while for me it may be bounded by a gig-e feed i get from my upstream. 2. cc fraud was just an example, and probably a bad example at that, since you can come up with a holier than thou argument against the example rather than the practice of shoving traffic my way that neither i nor my clients asked for. let's try again. customer pays for a dedicated server with a valid credit card. we charge them the monthly fee and keep the credit card on file. customer proceeds to spam, or better yet installs an insecure formmail script, or his box gets owned. he gets ddosed by lycos, racks up large overage bill and gets terminated by us for breach of AUP. we notify the customer and try to bill him for the overage charges. lo and behold, customer put a Do Not Honor request on transactions initiated by us. we're stuck with the bw bill. alternatively, customer charges back and their issuing bank is braindead and we lose the chargeback. or customer was paying by check. whatever. see the point? while we may be willing to risk the monthly charge because we won't ask customers paying by check for a large security deposit, we aren't willing to risk an arbitrarily high bw bill from folks who think they're doing the 'net a favour by ddosing For Our Own Good. consumption is equivalent to denial, the only difference being in the reason the service will no longer be available - administrative (ie financial) and technical respectively. while we all would like to see spam-related services not being available, there exist means to that end that are not acceptable, such as hunting spammers with shotguns or ddosing their (in many cases unknowing) providers. -p --- paul galynin
RE: Make love, not spam....
Ah, but I said poetic justice. Like for like. I am hearing DDoS over and over. As I understand it, the application will throttle to prevent Denial of access. It just causes additional GB to be used and paid for. Fraudulent CC use is an entirely different issue... -m -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Haagsman Sent: Monday, November 29, 2004 3:30 PM To: Paul G Cc: [EMAIL PROTECTED] Subject: Re: Make love, not spam I agree and I'm surprised you even mentioned the wordt justice...since when is retaliating bad practices with more bad practises that are hardly likely to take out the real target considered a good idea..? Erik Paul G wrote: spammer buys hosting account, pays with fraudulent credit card, spams,provider gets ddos'ed and ends up paying for all the bandwidth because youcan't well charge some unsuspecting grandma in alabama for it. i don't likethis kind of justice. --- paul galynin
Re: Make love, not spam....
Once upon a time, Miller, Mark [EMAIL PROTECTED] said: Ah, but I said poetic justice. Like for like. I am hearing DDoS over and over. As I understand it, the application will throttle to prevent Denial of access. It just causes additional GB to be used and paid for. For sites set up with a monthly bandwidth quota, that _is_ a denial of service. -- Chris Adams [EMAIL PROTECTED] Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
RE: Make love, not spam....
Your argument seems to assume a T1 garage operation co-lo that is perpetually out to lunch. Provided Lycos delivers the restrictions on bandwidth they are stating, why would it exceed capacity? Come on, kids. If you can't deliver to begin with, don't sell it. I am not saying that the proposal is intrinsically right or wrong, I am saying it could have merit if just in waking up a brain-dead co-lo facility operator to deal with spamming clients. -mm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul G Sent: Monday, November 29, 2004 4:11 PM To: [EMAIL PROTECTED] Subject: Re: Make love, not spam - Original Message - From: Erik Haagsman [EMAIL PROTECTED] To: Paul G [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, November 29, 2004 4:30 PM Subject: Re: Make love, not spam I agree and I'm surprised you even mentioned the wordt justice...since when is retaliating bad practices with more bad practises that are hardly likely to take out the real target considered a good idea..? 'justice' was mentioned in the message i quoted. it appears i was not remiss - i got an email from a guy running a small town isp telling me, essentially, that: 1. if i get hit with cc fraud, it is my own darn fault for not asking every single $9.99/mo customer to fax me their retina scan. 2. incurring a humongous bandwidth bill instead of being out said $9.99 is adequate punishment for my 'stupidity' 3. he likes the kind of justice where a provider gets harmed instead of the abusive customer, because Good ISPs Recognize Bad Guys On Sight. i've got news for you: ... *Abbreviated*
Re: Make love, not spam....
I am not saying that the proposal is intrinsically right or wrong, I am saying it could have merit if just in waking up a brain-dead co-lo facility operator to deal with spamming clients. -mm How would this method be more effective than the e-mails, faxes, blocklists, and phonecalls that have been used in the past ? James H. Edwards Routing and Security Administrator At the Santa Fe Office: Internet at Cyber Mesa [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.cybermesa.com/ContactCM (505) 795-7101
RE: Make love, not spam....
It's a DDOS. The risk of collateral damage is high. snip From what limited information is available in the articles, it doesn't sound that way. It's not really a DDoS attack, but more of a distributed web surfing bot. snip I understand this as more of a Distributed Consumption of Service attack. (Is the acronym DCoS used yet?) Real requests, downloading real data, to real computers. A lot of them. T snip The big difference between Lycos Europe, and a script kiddie with zombies is that Lycos is mature enough to use restraint and not knock down websites with brute force. They're attempting to use the politically correct grown up way to attack someone: economics. How is giving the spammers what they want (real web site traffic) an attack? That doesn't even qualify! How many bogus URLs are embedded into spam content? A: Lots. They are used to obscure words to get past filters, or as red herring targets or joe-jobs. A DDoS is a DDoS, no matter how benign one might think it is, or how evil/deserving the target is perceived to be. The risk of collateral damage is way too high. -- Chuck Goolsbee V.P. Technical Operations _ digital.forest Phone: +1-877-720-0483, x2001 where Internet solutions grow Int'l: +1-425-483-0483 celebrating ten years of service 7/12/1994 - 7/12/2004 19515 North Creek ParkwayFax: +1-425-482-6871 Suite 208 http://www.forest.net Bothell, WA 98011email: [EMAIL PROTECTED]
RE: Make love, not spam....
The servers targeted by the screensaver have been manually selected from various sources, including Spamcop, and verified to be spam advertising sites, Lycos claims. I'd like to know how will they manually choose which spammers they'll go after? Personal e-vendetta? It'll just cause the spammers to use the zombie networks more and more. It seems to me to just be an advertising gimmick, not a solution. scott
Re: Make love, not spam....
On Mon, Nov 29, 2004 at 10:54:03AM -0600, Jerry Pasker wrote: The big difference between Lycos Europe, and a script kiddie with zombies is that Lycos is mature enough to use restraint and not knock down websites with brute force. I have no idea whether they're mature enough. They're most certainly not knowledgeable enough, as they appear to have failed to account for: - zombie'd end-user systems (some of which will no doubt download this DoS tool) - web sites hosted on zombies (and serving requests sent to them either by rapidly-updating DNS or redirectors) - throwaway domains - hijacked ASNs among other standard spammer tricks, all of which can be used to deflect the attack or redirect it against third parties. But beyond that: this is a silly tactic. Spammers have as much [free, to them] bandwidth as they want. They're trying to drown people who own the ocean. ---Rsk