Home / Blogs

Blacklists Down from Fear of DDoS

Yet another DNS blacklist has been taken down out of fear of the DDoS attacks that took down Osirusoft, Monkeys.com, and the OpenRBL. Blackholes.compu.net suffered a Joe-Job (A Joe-Job is essentially spam designed to look like it’s coming from someone else.) earlier this week. Apparently the Joe-Jobing was enough to convince some extremely ignorant mail administrators that Compu.net is spamming and blocked mail from compu.net. Compu.net has also seen the effects of DDoS attacks on other DNS blacklist maintainers. They’ve decided that the risk to their actual business is too great and they are pulling the plug on their DNS blacklist before they come under the gun by spammers.

The following is the email sent out by the Network Administrator of Compu-Net:

Effective immediately blackhole.compu.net will no longer be in service. We have this past week been the targets of 12,000+ bounced emails, Several hundred abuse complaints, and numerous threats against our selves, our servers, and our Internet connection. Ignorant administrators have placed blocks on legitimate emails from our customers due to the spam sent out using forged random [email protected] email addresses. There is also a trend by spammers to launch massive denial of service attacks at blackhole list operators network infrastructure.

As a ISP this is a risk we can not run. We have blocked millions of emails for the Internet community and have not once asked nor thought about personal gain for this service. We are saddened that the spammers are winning the war to control your inboxes.

Rather than being driven out of business by the spammers illegal activities we were left with no other choice but to shut the list down.

If your company does not have a gross of at least 100 million a year and a influential politician or two in your pockets to law enforcement you do not exist. They will not investigate the criminal acts being perpetrated against your lively hood.

The IP registries ARIN, APNIC, LANIC, RIPE, and many others need to take the issue of spam very seriously. One very large hammer which could be used against countries like China, Brasil, and others which ignore spammers except when they spam their own citizens would be to revoke or suspend their ip allocations until they clean the spammers from their house and earn it back.

Ron Guilmette, maintainer of the Monkeys.com blacklists has posted a farewell from Monkeys.com to news.admin.net-abuse.email. Ron cites the total lack of interest in the attacks by both big network providers and law enforcement authorities as the ultimate reason he’s pulling the plug.

It’s truly a sad day for spam fighters everywhere.

So, my question for NANOG is how does one go about attracting the attention of law enforcement when your network is under attack? How does the target of such an attack get a large network provider who’s customers are part of the attack to pay attention? Is media attention the only way to pressure a response from either group? These DDoS attacks have already received some attention in mainstream media.

Apparently it hasn’t been enough. Legal remedies take too long and are cost prohibitive (unless you’re the DoJ). Subpoenas and civil lawsuits take months if not years. Relief is needed in days if not hours.

By Justin Shore, System and Network Administrator and Anti-Spammer

Filed Under

Comments

Minas Beede  –  Sep 28, 2003 11:51 PM

Ron Guilmette has done far more than your story relates.  From the Washington Post article:

“Guilmette said that his investigative work had caused more than 100 spammers to lose their Internet subscriptions over the past three months and that such methods had drawn the ire of spammers.”

More than one hundred spammers disconnected in 3 months.  Ponder that.

P.S.  Ron had a network, you might be able to do a single system: yours.  See:

http://world.std.com/~pacman/proxypot.html

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix