Home / Blogs

Blacklists Down from Fear of DDoS

Yet another DNS blacklist has been taken down out of fear of the DDoS attacks that took down Osirusoft, Monkeys.com, and the OpenRBL. Blackholes.compu.net suffered a Joe-Job (A Joe-Job is essentially spam designed to look like it's coming from someone else.) earlier this week. Apparently the Joe-Jobing was enough to convince some extremely ignorant mail administrators that Compu.net is spamming and blocked mail from compu.net. Compu.net has also seen the effects of DDoS attacks on other DNS blacklist maintainers. They've decided that the risk to their actual business is too great and they are pulling the plug on their DNS blacklist before they come under the gun by spammers.

The following is the email sent out by the Network Administrator of Compu-Net:

"Effective immediately blackhole.compu.net will no longer be in service. We have this past week been the targets of 12,000+ bounced emails, Several hundred abuse complaints, and numerous threats against our selves, our servers, and our Internet connection. Ignorant administrators have placed blocks on legitimate emails from our customers due to the spam sent out using forged random users@compu.net email addresses. There is also a trend by spammers to launch massive denial of service attacks at blackhole list operators network infrastructure.

As a ISP this is a risk we can not run. We have blocked millions of emails for the Internet community and have not once asked nor thought about personal gain for this service. We are saddened that the spammers are winning the war to control your inboxes.

Rather than being driven out of business by the spammers illegal activities we were left with no other choice but to shut the list down.

If your company does not have a gross of at least 100 million a year and a influential politician or two in your pockets to law enforcement you do not exist. They will not investigate the criminal acts being perpetrated against your lively hood.

The IP registries ARIN, APNIC, LANIC, RIPE, and many others need to take the issue of spam very seriously. One very large hammer which could be used against countries like China, Brasil, and others which ignore spammers except when they spam their own citizens would be to revoke or suspend their ip allocations until they clean the spammers from their house and earn it back.

Ron Guilmette, maintainer of the Monkeys.com blacklists has posted a farewell from Monkeys.com to news.admin.net-abuse.email. Ron cites the total lack of interest in the attacks by both big network providers and law enforcement authorities as the ultimate reason he's pulling the plug.

It's truly a sad day for spam fighters everywhere.

So, my question for NANOG is how does one go about attracting the attention of law enforcement when your network is under attack? How does the target of such an attack get a large network provider who's customers are part of the attack to pay attention? Is media attention the only way to pressure a response from either group? These DDoS attacks have already received some attention in mainstream media.

Apparently it hasn't been enough. Legal remedies take too long and are cost prohibitive (unless you're the DoJ). Subpoenas and civil lawsuits take months if not years. Relief is needed in days if not hours. 

By Justin Shore, System and Network Administrator and Anti-Spammer
Follow CircleID on
Related topics: Cyberattack, Cybercrime, DDoS Attack, DNS, Spam
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: Blacklists Down from Fear of DDoS Minas Beede  –  Sep 28, 2003 4:51 PM PDT

Ron Guilmette has done far more than your story relates.  From the Washington Post article:

"Guilmette said that his investigative work had caused more than 100 spammers to lose their Internet subscriptions over the past three months and that such methods had drawn the ire of spammers."

More than one hundred spammers disconnected in 3 months.  Ponder that.

P.S.  Ron had a network, you might be able to do a single system: yours.  See:

http://world.std.com/~pacman/proxypot.html

To post comments, please login or create an account.

Related

Topics

Cybercrime

Sponsored byThreat Intelligence Platform

Domain Names

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC