Home page logo
/

nanog logo nanog mailing list archives

Re: Denial of Service Attacks disguised as Spam...
From: Barry Shein <bzs () world std com>
Date: Mon, 5 Jan 1998 22:08:56 -0500


I guess I'm not making my point very well.

I'm not talking in metaphors, I'm not saying that some spammers IN
EFFECT cause denial of service attacks.

I am saying that individuals who want to harm sites, and have nothing
whatsoever to sell, act like spammers to perform their maliciousness.

For example, they take some old "MAKE MONEY FAST!!!" text and bang it
at a site 300,000 times in a day, as fast as they can, hoping to cause
that site grief, just like a smurf or SYN attack or whatever.

Why? Because as another major site adminstrator agreed with me in
private mail, relating specific incidents: You call an upstream
ISP/NSP or the FBI or whatever and their minds cloud and they say "oh
yes, SPAM, annoying isn't it?  We get hundreds of complaints like this
a day we'll try to get to yours eventually, but I'd recommend just
deleting it <click>."

It's not as effective, but it looks to me like it's completely and
100% safe because the entire system which might track them down and
prosecute them completely collapses as soon as the word "spam" is
mentioned, all minds go off, form responses are sent back from
automailers, and nothing happens.

It's kind of like calling to complain about real telephone harassment
(eg, someone calling you with obscenities and threats at all hours of
the day and night) and having the telco person say "oh!
telemarketers! yes I find them annoying also, but there's not a lot
that can be done, sorry! <click>"

WHAT I AM SAYING IS we have the usual malicious, cracker sociopaths
who last week were trying to break into your routers and systems now
blasting you with millions of mail msgs they grabbed from somewhere,
not to sell something but out of the same sort of motivation that
moved them to crack your systems or do smurf attacks or whatever,
because they know that if it LOOKS LIKE spam no one will do anything
to them. Hell, no one will even really investigate beyond maybe "ah
well another spam load from some throwaway account".

I'm really going to go down in flames trying to make this distinction
aren't I?


-- 
        -Barry Shein

Software Tool & Die    | bzs () world std com          | http://www.std.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]