Blacklists Down from Fear of DDoS

Yet another DNS blacklist has been taken down out of fear of the DDoS attacks that took down Osirusoft, Monkeys.com, and the OpenRBL. Blackholes.compu.net suffered a Joe-Job (a Joe-Job is essentially spam designed to look like it's coming from someone else) earlier this week. Apparently the Joe-Jobbing was enough to convince some extremely ignorant mail administrators that Compu.net is spamming, and they blocked mail from compu.net. Compu.net has also seen the effects of DDoS attacks on other DNS blacklist maintainers. They've decided that the risk to their actual business is too great, and they are pulling the plug on their DNS blacklist before they come under the gun from spammers.

The following is the email sent out by the Network Administrator of Compu-Net:

"Effective immediately blackhole.compu.net will no longer be in service. We have this past week been the targets of 12,000+ bounced emails, several hundred abuse complaints, and numerous threats against ourselves, our servers, and our Internet connection. Ignorant administrators have placed blocks on legitimate emails from our customers due to the spam sent out using forged random users@compu.net email addresses. There is also a trend by spammers to launch massive denial of service attacks at blackhole list operators' network infrastructure.

As an ISP this is a risk we cannot run. We have blocked millions of emails for the Internet community and have not once asked nor thought about personal gain for this service. We are saddened that the spammers are winning the war to control your inboxes.

Rather than being driven out of business by the spammers' illegal activities we were left with no other choice but to shut the list down.

If your company does not have a gross of at least 100 million a year and an influential politician or two in your pockets to law enforcement you do not exist. They will not investigate the criminal acts being perpetrated against your livelihood.

The IP registries ARIN, APNIC, LANIC, RIPE, and many others need to take the issue of spam very seriously. One very large hammer which could be used against countries like China, Brazil, and others which ignore spammers except when they spam their own citizens would be to revoke or suspend their IP allocations until they clean the spammers from their house and earn it back."

Ron Guilmette, maintainer of the Monkeys.com blacklists, has posted a farewell from Monkeys.com to news.admin.net-abuse.email. Ron cites the total lack of interest in the attacks by both big network providers and law enforcement authorities as the ultimate reason he's pulling the plug.

It's truly a sad day for spam fighters everywhere.

So, my question for NANOG is how does one go about attracting the attention of law enforcement when your network is under attack? How does the target of such an attack get a large network provider whose customers are part of the attack to pay attention? Is media attention the only way to pressure a response from either group? These DDoS attacks have already received some attention in mainstream media.

Apparently it hasn't been enough. Legal remedies take too long and are cost-prohibitive (unless you're the DoJ). Subpoenas and civil lawsuits take months if not years. Relief is needed in days if not hours.

Written by Justin Shore, System and Network Administrator and Anti-Spammer

Related topics: Cyberattack, Cybercrime, DNS, Spam

Comments

Re: Blacklists Down from Fear of DDoS Minas Beede  –  Sep 28, 2003 4:51 PM PDT

Ron Guilmette has done far more than your story relates.  From the Washington Post article:

"Guilmette said that his investigative work had caused more than 100 spammers to lose their Internet subscriptions over the past three months and that such methods had drawn the ire of spammers."

More than one hundred spammers disconnected in 3 months.  Ponder that.

P.S.  Ron had a network, you might be able to do a single system: yours.  See:

http://world.std.com/~pacman/proxypot.html
