September 2003

I confess that I underestimated the enemy rather badly. I underestimated both the enemy’s level of sophistication, and also the enemy’s level of brute malevolence. I always knew that spammers had no principals and no ethics, but up until recently, I had no idea that they could or would stoop this low, or that they would engage in quite this level of criminality. I guess that, naively, I just never thought hard enough about how much money was actually at stake (in the spamming trade) or what that might mean in terms or the determination of spammers to win at all costs.

Ron F. Guilmette announced that he was giving up the fight against spam in the face of massive Distribued Denial of Service (DDoS) attacks. This, in the wake of the attacks which forced Joe Jared off the net, is rather worrying.

<lj-cut> Ron maintained a list of open proxies. When you connect your home or company private network to the Intarweb, and mess up (or install something which is insecure by default), you can arrange matters so that anyone can use your proxy as a convenient way to make themselves anonymous, since their activity appears to originate from the proxy. Whether it’s spamming, or merely making a nuisance of yourself on talkers and the like, open proxies are favoured by asshats everywhere. Ron was also running a network of honeypots, servers which pretend to be open proxies but which are actually gathering the real addresses of those responsible for abuse.

Joe Jared was the main distributor of the SPEWS list, a controversial blacklist of ISPs who, in the view of the anonymous list maintainers, weren’t doing enough to get rid of their spammers.

The lists, so called DNS Blackhole Lists or DNSBLs, were available published using the DNS, the name service which turns domain names (like www.livejournal.com) into IP addresses (like 66.150.15.150). Most of the big unix mail servers, such as Sendmail or Exim, can use these sorts of lists to refuse connections, or to tag mail as suspect. Even if your server administrator isn’t using blacklists, home users can also make use of DNSBLs using James Farmer’s Spampal program.

Guilmette and Jared probably overextended themselves by running these services from DSL or cable connections. The big boys are getting DDoS’d but their lists are still being published (even if the website isn’t doing so well). There are other proxy lists out there. So, what’s the worry?

I suppose, like Ron Guilmette, I’m surprised at such outright criminality. It makes me wonder who’s next on the list of targets. DNSBLs make particularly popular targets, but what about distributors of spam filtering software, say? One could say that these are the acts of desperate individuals, running scared of anti-spam efforts, but possibly this is the end point of the evolutionary arms race against spammers: many of them have gone to the wall, but the ones who are left are nastier than your average spammer was a few years ago.

People on news.admin.net-abuse.email are already talking about peer-to-peer systems to make a big easy target into lots of small, hard to hit targets (but geeks love to talk about distributed systems and crypto, so who knows whether it’ll go anywhere). Meanwhile, the old mantra about how you shouldn’t fight abuse with abuse is sounding less and less convincing.

Not been posting lately. It’s been a busy few weeks.

<lj-cut text=”Barcelona was excellent.”> Barcelona was lovely. I’d like to add to Terrie and Lise’s rhapsodising about it.

September turned out to be a good time to go. It wasn’t too hot, but we mostly had sun, despite the occasional downpour.

The food and wine were great. Had tapas a few times. Tried Les Quinze Nits, which I think turned out to be the best evening meal we had, and reasonably priced too. Watching the chap in one bar pouring cider from over his head into the glass (to aerate it) was fun too.

Barcelona is a beautiful city, full of tree lined avenues and squares. The Sagrada Familia, the cathedral by Gaudi, was magnificent even in its unfinished state, with detailed carvings all over the place. There’s a good view from the towers, too. I wandered up to the north of where we were staying, into the Gracia district, and found what looked like another Gaudi building, too.

We had a day trip to Montserrat, a monastery on the side of a mountain. Rode a cable car to get to the place, and took a funicular to near the top. Another spectacular view, although I kept well away from the edge 🙂

People are friendly, public transport works, and there’s lots to see. Thanks to Lise and Terrie for organising it.

It’s a shame to be back at work again. Sigh. No big plans for the coming weeks, although I’m sure something will turn up.