At 11:08 AM 3/2/00 +0200, I. Forbes wrote:

>To give you an idea of the scope of the problem we have received
>about eleven thousand bounces with the same forged address over
>the last month. All of the Spam was launched from AOL, and relayed
>using a whole list of open relays - many in Eastern Europe and the
>Far East.

That is egregious enough that I think you should file criminal charges. I think you need to get in touch with the FBI. They have a computer crimes task force now. You don't have to be in the US to do this. They are far more attuned to the problem now after the recent spate of DOS attacks on US websites.

The idea that there's nothing AOL can do to stop this doesn't hold water. A simple block of port 25 on the AOL network I think would wipe out 99% of the SPAM coming through their network. That would mean that all AOL customers would be forced to send their mail through AOL's MXs, where it could effectively be monitored for SPAM.

>All of those bounce messages come from open relays, while they
>are actively sending spam. If I could run an effective DOS on them,
>then the spammer who is sending the spam would find his
>productivity gets hit quite hard. Maybe he will notice and then

It would be more effective to DOS the originating IP. If the IP is still up, it's easy to crash a dial-up connection. Some of my favorites are netcat, Ping of Death, Octopus. I'm sure you can find a ton more.

Another cute one is a reverse SPAM DOS attack. Send out a few thousand bad emails (using bulkmail or something) using the spammer's IP for the return address. Oh the irony... :)

>Has anybody tried this before? What resources do I have to have
>available on my end to sink the other server without sinking my own?

You can set up a new machine on your network to act as a "suicide attacker". A kamikaze box. Its sole purpose would be to max out the sockets on the offending IP. This will of course also max out the kamikaze box. That's why you don't want to do it with one of your production machines. If one box isn't enough, set up more kamikazes. Any hunk of junk 486 should do the trick. If the offender is a Win box, opening a ton of sockets should sink it. If a Unix box, then recursively open connections on every port.

The offender will soon have 150 Apaches running, a few thousand telnets, SMTPs, ftps, etc., depending on what it's running.

+-------------------------------------------------------------------+
| -=I T ' S   P R I N C I P L E   T H A T   C O U N T S=-           |
|=-            -=ALAN KEYES FOR PRESIDENT=-                       -=|
| Balanced Budgets   Personal Freedoms   Morality   Lower Tax       |
|=--               http://www.Keyes2000.com.                     --=|
+-------------------------------------------------------------------+
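The one defensive point in the reply above is the port-25 suggestion: an access provider that blocks outbound SMTP from its customer pools, except toward its own relays, removes the direct-to-MX path that this kind of spam run depends on. The script below is an added example and not code from the original post or from either correspondent; it applies such an egress policy to a few constructed flow records and reports which customer hosts are connecting to outside mail servers in a way that bypasses the provider's relays. The address ranges, relay addresses and flow lines are all assumed, made-up values.

```python
"""
Added example (not part of the original mailing-list post).

Demonstrates a customer-pool port-25 egress policy of the kind the reply
proposes, and a small detection pass over flow records that finds hosts
which would have been blocked by it. All addresses and records below are
constructed for the example.
"""
import ipaddress

# Hypothetical customer (dial-up pool) ranges and the provider's own relays.
CUSTOMER_POOLS = [ipaddress.ip_network("10.20.0.0/16")]
PROVIDER_RELAYS = {"192.0.2.25", "192.0.2.26"}
SMTP_PORT = 25

# Constructed flow records: "src dst dport packets"
SAMPLE_FLOWS = """\
10.20.3.7 192.0.2.25 25 40
10.20.3.7 198.51.100.9 25 12
10.20.3.7 198.51.100.10 25 15
10.20.3.7 203.0.113.4 25 9
10.20.8.1 192.0.2.26 25 5
10.20.8.1 203.0.113.80 80 120
203.0.113.5 10.20.9.9 25 3
"""


def is_customer(ip):
    """True when the address falls inside one of the customer pools."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CUSTOMER_POOLS)


def egress_decision(src, dst, dport):
    """Return 'allow' or 'deny' for one flow under the port-25 egress policy.

    Only SMTP originating from a customer pool is affected; such flows are
    allowed solely toward the provider's own relays.
    """
    if dport != SMTP_PORT or not is_customer(src):
        return "allow"
    return "allow" if dst in PROVIDER_RELAYS else "deny"


def parse_flow(line):
    """Split one constructed flow record into (src, dst, dport, packets)."""
    src, dst, dport, packets = line.split()
    return src, dst, int(dport), int(packets)


def bypassing_hosts(flow_text, threshold=2):
    """Per customer host, count distinct non-relay SMTP destinations.

    Returns [(host, destination_count), ...] for hosts at or above the
    threshold, largest count first. A dial-up host fanning out SMTP to
    many outside mail servers is the pattern the policy is meant to stop.
    """
    targets = {}
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, _ = parse_flow(line)
        if egress_decision(src, dst, dport) == "deny":
            targets.setdefault(src, set()).add(dst)
    hits = [(host, len(dsts)) for host, dsts in targets.items() if len(dsts) >= threshold]
    return sorted(hits, key=lambda item: -item[1])


if __name__ == "__main__":
    for host, count in bypassing_hosts(SAMPLE_FLOWS):
        print(f"{host}: {count} SMTP destinations bypassing the provider relays")
```

Run as-is, it reports the single constructed host that sent SMTP to three outside servers; the host that only used the provider relays and the non-customer source are left alone. In a real deployment the same decision function would be expressed as a firewall rule on the access routers, and the detection pass would read the provider's actual flow export rather than the embedded sample.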