Home page logo
/

nanog logo nanog mailing list archives

Re: Stealth Blocking
From: dlr () bungi com (Dave Rand)
Date: Thu, 24 May 2001 12:58:52 PDT


[In the message entitled "Re: Stealth Blocking" on May 24, 15:12, Mitch Halmu writes:]

On Thu, 24 May 2001, Dave Rand wrote:

That's why I think that port 25 blocking is the only way.  That, and
closing open relays, of course.

No, that is NOT the only way. We presume that the spammer had 8 dial-up
accounts. Who is this professional spammer, and how come he/she/it can
still find a provider? That is the question. Perhaps also who is the 
merchant that ordered the promotion?

Many of these spammers are using phished accounts, or credit cards.
Or they use stored-value cards, if they are even a little bit legit.
And, he likely only needed one account, with 8 machines signing into
that one account (most ISP's don't have the ability to restrict
multiple logins).

Dialup providers make it easy to become a customer.  This is good,
because Mom & Pop can sign up.  This is bad, because a spammer willing
to lie can open an account with a minimum of information.  Most providers
are unwilling to make the sign-up proceedure tougher.


The identity of such individual or company belongs on a black list.
Yet the spammer is able to subscribe again tomorrow, next week, next
year... and nothing happens to them. That is the point where control 
should be exercised. 


As mentioned earlier, even with court orders against it, spammers still
sign up, and send out spam.  They do not operate by the same rules, or
even care about potential liability.

As an analogy to the real world, I was speaking with the head of a 911 call
center recently.  It used to be that crooks would go to some trouble to
conceal their identity.  With the recent rise in the use of crank, there is
now *no* attempt to hide.  They will steal blank cheques, then go to the
bank and forge them in front of tellers, regardless of the cameras, and the
ability for the teller to identify them.

Spammers might not be doing crank, but *they just don't care* if we id
them.


-- 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]