Home page logo
/

nanog logo nanog mailing list archives

Re: Motion for a new POST NSF AUP
From: "Theodore Ts'o" <tytso () MIT EDU>
Date: Mon, 16 Oct 1995 13:03:59 -0400

   Date: Mon, 16 Oct 95 08:13:54 GMT
   From: "William Allen Simpson" <bsimpson () morningstar com>

   > As a matter of course, whenever I receive a spam, I will generally send
   > a complaint to postmaster at the originating site, or perhaps to the
   > ISP, if I can determine it.  In fact, I'm thinking about automating this
   > procedure, to decrease the amount of time that it takes for me to send
   > the complaint.

   I also have a template file which I use to save time.

   How do you automate finding the postmaster and ISP?  I cannot seem to
   figure it out.


Well, I'd only seriously consider bothering the ISP if
postmaster () perp site hasn't responded, or if it's obvious that perp.site
is a PPP-only site that's connected to an ISP (in which case
root () perp site is probably the same as perpetrator () perp site).
Figuring out the ISP isn't too hard; you can look at the nameservers for
perp.site (especially if it's a PPP-only link, the ISP is probably
providing nameservice), or you can use traceroute.

The other thing to keep in mind is that in the case of the magazine
spam, the e-mail contact address for requested responses was posted.  So
instead of needing to try to figure out the actual posting address from
the forgery, you can also just simply send complaints to
postaster () grfn org (looks like the spammers were taking advantage of a
freenet site, which also deserved to get flooded with complaints; they
had several different accounts on that freenet site).

In the case where the perpatrators of the spam leave a 1-800 number as
the contact point, you can simply call them up and give them abuse for
spamming the internet.  Again, if enough people do this it will become
economically unfeasible for spammers to continue.  (There's an extremely
hilarious story going around about someone who posted the 1-800 number
alt.sex.* as a phone sex line; the poor company got flooded with lots of
calls, which skyrocketed their 1-800 bill and embarassed the heck out of
their (mostly female) receptionists.  I don't recommend that people try
this do, since posting the 1-800 number as a phoen sex number is
obviously fraud.  But it *is* extremely amusing to hear about it
happening.)

The hard part of trying to automate it is that there are a lot of
hueristics.  But it certainly would be possible to build tools that
automated at least part of the detective work.  

                                                - Ted


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault