
nanog mailing list archives

Re: Reporting Little Blue Men
From: Dean Anderson <dean () av8 com>
Date: Tue, 20 Jan 1998 19:03:42 -0500

At 9:45 AM -0500 1/20/98, Eric Wieling wrote:

You should be able to figure out what interfaces they are coming in on.
That's the first step.

Is there any point in trying to report these attacks?  Who would we
report them to?  We don't know what the source is, after all the
address is spoofed.  It seems kind of pointless to notify the victim
-- they already know they have been smurfed.

You report them to the FBI. See "Firewalls and Internet Security" by
Cheswick and Bellovin, and "Unix System Security" by Curry.

Does that help?  Yes and no.  There are several laws being violated, but
the FBI basically isn't getting involved in the spam wars.  The first
violators were the anti-spammers who put in the blocking. The second
violators were the spammers who use relaying to get around that.
Anti-spammers are illegally intercepting (blocking) electronic
communications, and reading email, and the spammers are illegally exceeding
their authorization to access computers.  The anti-spammers are illegally
preventing access to computers and networks engaged in interstate commerce.
Anti-spammers illegally exceed their authority to cancel usenet messages.
Spammers try to post messages faster than they can be canceled.
Electronic packet wars with each side trying to out-send the other.

The FBI is aware of this.

I think the FBI is reticent to get involved since there is essentially an
electronic riot in progress, and they don't have the resources to arrest
all the involved parties.  Since no one is getting physically injured and
no money is being stolen, I think they are just waiting to see what
happens. Perhaps they think it will blow over. Or perhaps they just don't
think it important enough to get involved in. Perhaps it's just the largest
flame war in the history of the planet, and shouldn't be taken too
seriously. Evidence is hard to gather and prosecute.

I suppose that some on this list are ill-disposed to accept they are
breaking any laws. I doubt anyone wants to argue this on this list.  So I
won't.

But you should note that both authors also indicate that (from Cheswick and
Bellovin, page 205): "Computing and electronic communications service
providers are more limited in their right to monitor user activity. Just as
the phone company personnel may not, in general, listen to your calls,
employees of a public electronic mail service may not read your messages,
whether in transit or stored." There will be more detailed information in
our spam policy.

I'm working on a spam policy which may be viewed at
http://www.av8.com/spampolicy.html It includes all the laws that are being
broken by all the parties.  It's still a draft, but the main points are
there.

I want to do my part to try to stop attacks, but I'm baffled on this
one.

Here's what you can do:

Get people to stop illegally blocking spam, and then get the spammers to
stop illegally using relays.  Once the network and online providers obey
the law, you can ask the spammers to obey the law, too.  It's pretty
pointless to only ask one group to obey the law.  It's pretty unlikely the
FBI will step in to enforce the law on only one group while allowing the other
group to break the law.

At some point, perhaps we can take a list of violators to the FBI and ask
them to restore order and enforce the laws on spammer and anti-spammer
violators.

                --Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean () av8 com
           LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



