A personal denial of service attack

Summary: When a widespread technology facilitates a denial of service attack affecting a large number of people, and the technology is deployed mainly by a few players with deep pockets, the right way to effect change may be to launch a class action lawsuit in an American court.

About two weeks ago my mail system started getting a lot of reject and return messages pertaining to email being sent out with murph at winface as the return address. None of that actually originated here, of course, but by last Sunday volumes were up to about two hundred false returns per hour.

It's possible to find out where this is coming from, but fruitless because victim lists circulate and one guy's mass mailing today is somebody else's tomorrow.

By itself this wouldn't matter, but in the broader sense it's a directed denial of service attack aided and abetted by the stupid and complacent among network operators.

Here, for example, is first a plea for help that arrived last Thursday morning, then my response, and then the sender's network carrier's response to that:

To: murph winface com
Subject: Please help me understand something
From: name withheld at sbcglobal.net
Date: Thu, 24 Apr 2008 10:04:42 -0700 (PDT)

I have been an MCSE for 11 years now, working in the IT field for 15. I have greatly desired for over 10 years to run Linux, but I can't seem to get a fully functional, stable install in all that time. There is a massive documentation overload when it comes to Linux, so trying to find a solution to a problem is almost impossible. When trying to install any driver, especially wifi, it sometimes takes me days (I have never gotten wifi to work at all) because the documentation on how to make it work never coincides with what I have on my system. In other words, when it says to look in such and such directory, the directory doesn't exist or is somewhere completely different from what the documentation says. And you find out that you don't have this or that library to fulfil the dependencies for anything, so you have to go to 50 million places to get 50 million different libraries, and it still doesn't work. Even within the same distro, things are completely different from one version to the next. Also, services such as Samba will just stop working and I don't know why. They will work one day and the next day, nothing. What am I missing? I really want to get away from Microsoft, but I can't until I figure out what it is I don't understand... People ask why Linux isn't doing better in the market, I will suggest that this is the reason (and from a gamer's perspective, none of the hottest games are ported to Linux.) I don't think I'm stupid, but Linux sure makes me feel like I am. Thanks for your help, Mike

---

Date: Thu, 24 Apr 2008 11:53:40 -0600 (MDT)
From: Paul Murphy
Subject: Re: Please help me understand something
To: name withheld at sbcglobal.net
MIME-Version: 1.0
Content-MD5: hmCQGxczz7aw/SrZZgNlEA==

Sorry, I don't think I can help you. Clearly what you need is someone to sit with you and walk you through the process - and I'm not where you are (and if I was, I probably wouldn't take the time anyway - but distance works as an excuse).

If you'd like I could publish this in the blog and ask for someone to help you - but expect a fair amount of negative comment.

---

Date: Thu, 24 Apr 2008 11:53:43 -0600 (MDT)
From: Mail Delivery Subsystem
To:
MIME-Version: 1.0
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

The original message was received at Thu, 24 Apr 2008 11:53:40 -0600 (MDT) from suni [70.65.128.188]

----- The following addresses had permanent fatal errors -----
(reason: 553 5.3.0 flpi188,DNSBL:521< 70.65.128.188 >_is_blocked.__For_information_see_http://worldnet.att.net/general-info/bls_info/block_inquiry.html)

----- Transcript of session follows -----
... while talking to sbcmx2.prodigy.net.:
<<< 553 5.3.0 flpi188,DNSBL:521< 70.65.128.188 >_is_blocked.__For_information_see_http://worldnet.att.net/general-info/bls_info/block_inquiry.html
501 5.6.0 Data format error

And if you look at AT&T's site you find, among much else, this:

The easiest way to get your message identified as spam is to send it to people who don't want it or to addresses that are defunct.

Now what I think they did, instead of taking the sender IP from the offending email (typically marked with something like: "Received-SPF: neutral (google.com: 77.212.41.76 is neither permitted nor denied" by the forwarder) was look up winface.com and block that - thus helping the bad guys execute their denial of service attacks. I asked them about it, but of course they block email from me and did not respond.
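An added illustration, not part of the original post: a small Python triage that reads a bounce, pulls the connecting IP the receiving server recorded in Received-SPF (or the top Received line), and decides whether the bounced mail ever left your own servers. The domain example.org, the documentation-range addresses and all function names are assumptions made for the example.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
OUR_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # assumption: our outbound range

def returned_original(dsn):
    """Headers of the message being bounced, or None if the DSN carries none."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def origin_ip(orig):
    """IPv4 address recorded by the receiving MTA, not by the (forgeable) sender."""
    for name in ("Received-SPF", "Received"):
        for hit in IPV4.findall(str(orig.get(name, ""))):
            try:
                return ipaddress.ip_address(hit)
            except ValueError:
                continue  # looked like an address but is out of range
    return None

def triage(raw, our_nets, our_domain):  # did the bounced mail leave our servers?
    dsn = email.message_from_string(raw, policy=policy.default)
    is_dsn = (dsn.get_content_type() == "multipart/report"
              or str(dsn.get("Auto-Submitted", "")).startswith("auto-generated"))
    orig = returned_original(dsn) if is_dsn else None
    if orig is None:
        return {"verdict": "not-a-bounce", "origin": None}
    sender = parseaddr(str(orig.get("Return-Path") or orig.get("From") or ""))[1]
    ip = origin_ip(orig)
    if ip is None:
        verdict = "origin-unknown"
    elif any(ip in net for net in our_nets):
        verdict = "sent-by-us"
    elif sender.lower().endswith("@" + our_domain):
        verdict = "backscatter-forged-sender"  # act on the IP, never on our_domain
    else:
        verdict = "unrelated"
    return {"verdict": verdict, "origin": str(ip) if ip else None}

def sample_dsn(client_ip):
    """Constructed bounce; example.org and documentation-range IPs only."""
    return f"""\
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>
Auto-Submitted: auto-generated (failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

550 5.1.1 user unknown
--b1
Content-Type: text/rfc822-headers

Return-Path: <murph@example.org>
Received-SPF: neutral (mx.example.net: {client_ip} is neither permitted nor denied)
--b1--
"""

if __name__ == "__main__":
    for ip in ("198.51.100.23", "192.0.2.10"):
        print(ip, triage(sample_dsn(ip), OUR_NETS, "example.org"))
```

A bounce that comes back as `backscatter-forged-sender` names an address that was never yours, which is the one a blocklist entry should carry.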

This creates both a problem and an opportunity. Email abuse would be trivially easy for the industry to put an end to - just recognize that every message put on the internet originates with an account someone is paying for and hold that person or company responsible. It's not technically difficult, and the mechanisms for it are well understood - but this whole PC "security" business is a multi-billion dollar tax on the stupid and nobody wants to kill the golden goose.

Although we don't know why att.net decided to interrupt my communications with name withheld, it's easy to argue that there's a real cost being imposed here - and extending that argument to a few million other victims shouldn't be much of a challenge either.

Bottom line: what we have here is clear grounds for a class action lawsuit against network carriers - one with millions of claimants and a few big, deep-pocket targets. So, just maybe, the way to finally get action on spam is to turn one bunch of lawyers against another and nail the network carriers between them - and if so, I have one question: anyone want to nominate a law firm?

Talkback

24 comments
  • Not that easy

    Most email spam comes from zombie bots - computers taken over through nefarious means. I'm sure that your D.O.S. email could be traced back to one of these bots - and THEN who would you fine/cut off? It was probably 10 years ago that the last of the stupid emailers was caught through your tracing technique, and now the smart ones (and script kiddie me toos) use the bot technique.

    David Berlind wrote about email many times. About how M$ and others couldn't come together on new standards. But M$ released SPF from captivity a year or two ago - yet no one is pushing to change email. My guess is that spam filters have reached the 80/20 rule - users can put up with 20% spam without getting too upset. Of course it's a b1tch when you are on the other side of the spam filter - and trying to change that.
    Roger Ramjet
    • I think you've mis-understood

      1) it's people like att.net who make this possible - the bad guys sending the bot mail are leveraging a dumb response to get what they want.

      2) it seems to me that if you let your pc get bot netted, the results are your problem - same as if you lend your car to a nine year old who then runs someone over.

      3) the solution is based on controlling internet access routers - not the user's gear - and the people that would stop are the originators, not the bot net victims.
      murph_z
      • Maginot Line

        The French built a huge fortified line to keep the Germans at bay. It failed utterly, because the Germans could simply circumvent via Belgium.

        What you're proposing is a Maginot Line, and because of the complexity of the internet, you'll never circle the wagons completely.
        TheTruthisOutThere1
        • Agreed - but it won't matter

          Remember that the internet is a network of networks - meaning that once some of the major players recognize that every message travelling over their bit of the total has a source that can be held responsible for abuse, almost everybody else will have to follow very quickly.
          murph_z
        • Marginal Line

          Once the Germans got around to mopping up the ML, they attacked from the French side. The ML was designed with guns that only faced Germany and could not be turned around. If the French had designed them better, the ML would have been a thorn in the side of Germany and they would have committed a considerable force to eliminate it - taking time and resources away from other things (like attacking Dunkirk, Norway). It COULD have changed the war considerably . . .
          Roger Ramjet
          • OT - Yes a serious mistake

            However I believe that the very low state of French morale at the time means that overall (with various very brave exceptions) they didn't want to, they weren't going to fight. (How many of the French soldiers who did get taken to Britain from Dunkirk eventually fought again?)

            This is no criticism of them - one would have to go through what the French did in WW1 (on one's own territory), and then recover, then face the Wehrmacht etc. motoring in one's direction on a roll, and decide to fight, to gain the right to.

            Thus while areas of resistance might well have hindered the Germans, I don't think that if the Maginot Line had faced both ways it would have made a lot of difference to the big picture, because they basically wouldn't have stuck to their guns.
            Ross44
          • Maginot rainbow (blunder)

            Agreed. The French traditionally love to huff and puff and beat their chests, much like their Italian (Romance) compatriots, but when it comes to lead flying, they tend to scurry for cover. The Germans and their Prussian cousins were built to fight, it's in their nature and constitutions, and they do it well. The famed Maginot Line was no match for Panzers (and in the east, Panthers and Tigers) kicking up dust on a blitzkrieg roll (as they soon came to learn).

            Let's be real, the French are too spent to give reasonable resistance after all the lovin', and the Italians ... well, all they wanted to be was cooks for the German warriors. "Hans and Hermann, you do the fighting, we'll do the cooking! Please!"

            The Wehrmacht and Waffen SS were not generally deemed inviting targets to probe or attack head on. If you knew the mind-boggling number of Russians who fell trying, you'd know why. There was a reason that whenever the Russians looked for weaknesses in the German lines, they invariably turned to where they would find the fewest German fighters. The Axis auxiliary forces, be it Italians, Hungarians, Romanians or White Russians, were found to be less tenacious [read: Stalingrad]. It helped the Reds turn the tide (well, that and American lend lease - and General Winter).

            The French are like Macs (for lovers and softies), the Russians like Windows (too many to count, but with power in numbers), and the Germans like Unix (elitists, with a hell of a backbone). How hard is that to understand?
            klumper
          • Some credit for the French

            (From north of the Channel!)

            Indeed the French don't have an outstanding military record over most of the last couple of hundred years. But I think the energy and attitude of societies / nations / tribes waxes and wanes, so that in fairness we should take a long view. A large part of France was ruled from England at one time, but they managed to get it back. Then there was Napoleon. Unnecessary and destructive as his campaigns seem to me, they did demonstrate strong resolve and hard fighting on the part of the French, n'est-ce pas?

            The Iron Duke said Waterloo was hard pounding. And it was fortunate for the British that the Prussians helped out.
            Ross44
          • Fair enough

            There was, after all, Napoleon and the Grande Armée in the not so distant past. When you think of what the French forces endured on their push to the east, and that harrowing [brutal - tragic] retreat from Moscow (and, like the Germans came to face later, frigid Russian winters beyond the pale), some respect should be shown. That any of those infantry soldiers or cavalry officers made it back alive was nothing short of a miracle, and yet a reasonable percentage did.

            Viva La France! for that monumental escape and escapade.

            Parenthetically, a great great great grandfather of mine survived that ordeal. He originated from the Alsace-Lorraine part of the country. I should add that a number of Grande Armée survivors actually ended up settling in central Illinois to farm (and retire) along the banks of the Illinois River, in - surprise, surprise - predominantly German and Swiss settlement areas. Go figure.
            klumper
  • Nothing personal about it

    Spammers forge the return addresses using others on their lists. I run a spamtrap domain and totally bogus addresses in that domain get bounce storms despite having never been used anywhere.

    It's just your turn in the barrel for now.
    Yagotta B. Kidding
    • You're right

      I didn't think through the title here. Probably should have been something like: "Bounce storm is an indirect denial of service attack" or something that made it clear the effect was felt personally (mostly by name withheld) but was not personal.
      murph_z
  • RE: A personal denial of service attack

    I've had the exact same thing happen here. I had to call AT&T to get it cleared up there, which took about 3 days total.

    I feel your pain.
    Badgered
  • On behalf of MCSE Mike's everywhere...

    Paul, I think that the vast majority of techs/geeks out there can relate to MCSE Mike's question at the top of this article. His question and your "attempted" response reveal three potential roadblocks to the wider adoption of Linux that I would appreciate your further commentary upon.

    First, is there any hope in an open source Linux world for the development of a "standard" that holds long enough for newcomers to adapt to it?

    Secondly, if not, and with the myriad of distro variations out there, how can accurate "how to" and "help" documentation ever be developed to assist and welcome newcomers?

    Thirdly, despite all of the hype about the wonderful help available on Linux discussion groups, your tart yet honest response is exactly the attitude I have encountered time and again. So, why do the existing Linux experts and elite (like yourself) persist in ridiculing those who shun Linux, while at the same time you give well meaning newcomers an elitist cold shoulder snubbing when they do make an effort to make the switch? Do you want people to switch or not?

    I do not mean to be too pointed in using the "elitist label", but an elitist is someone who both pokes fun at people for not being like they are, and pokes fun at those who strive to be like they are. Like old English nobility. It's a lose-lose game for everyone but the elitist. So people are treated like idiots for not using Linux, and yet treated like idiots if they try to learn and use Linux and don't know everything already.

    Somewhere along the line someone is going to realize that if you spend so much time trying to convince people that Linux is better, you're going to have to deal with people actually trying to use/learn Linux.

    I sometimes wonder if many Linux experts like yourself might not be more honest by saying, "While I continue to use my intellectual superiority to convince you that Linux is better, I really do NOT want any more newbies trying to join our camp right now. Even though the heart of open source is that anyone can come in and learn and contribute, we really HATE slowing down our brains and wasting our precious time teaching you what you could learn yourself if you'd just take the next 5 years to read every Linux forum entry posted since 1980! So let's just save us both a lot of time and pain: choose Linux and hire an existing Linux expert."

    I'm sure that from your side of the aisle it must not look this way. Does your lordship have the time of day to enlighten us aspiring serfs a little?

    Nathan

    PS: There's not too much evidence of Linux experts having a very strong sense of humor either. But I hope you will not take this too personally and consider a well thought (non flippant) response. I actually DO respect your knowledge and experience. I just see things from the other side over here a bit clearer than I see yours.
    nhudd
    • Well.. good questions

      1) I'm not an elitist - an arrogant twit, sometimes - but elitist never. Remember that's a term for people who think they're better than you are (i.e. the Kerrys, Obamas, and Gores of the world). Hell, I don't even think I'm smarter - just better educated with respect to computing :) oh, and morally righter, of course...

      2) No, I don't think Linux can stand still for long without dying out. However: shell scripts from 1982 BSD Unix work on SuSe Linux today and the core ideas haven't changed much.

      The big visible differences among Linux releases are in implementation things - like where files are kept, root vs sudo, etc and none of those are really more than skin deep.

      Remember with MS you learn release specific key stroke sequences; with Unix you learn principles and then apply them to whatever variant you're using. So if you want to learn Linux, learn basic principles first - then find a release and experiment with it until you understand how that release implements them. After that? everything's easy.

      3) yes there are some people who wish the customer would just go away and quit bothering them. Luckily there are relatively few people in the Unix community who fall into that category.

      So my guess is that you won't get much community help for keystroke style questions because they peg you as uninformed - but lots of help if you try to understand the core ideas and then ask about how they're applied.

      Check out MCSE Mike's question above again in that context and you see he's asking for hand-holding, not education - that's why my response is "terse" - his is a fundamentally anti-Unix question couched in the MS way in the expectation of an MS answer.

      4) good idea - I'll blog about these issues sometime - maybe next week.
      murph_z
      • Why were computers accepted?

        I'll assert a main reason the general population accepted computer use was the GUI. The ability to change complex instructions from words to clicks on visually informative objects.

        If that's correct, aren't you asserting that using Linux is a regression to times when fewer people were interested enough to make computers work. Back to the hobbyist clubs of Bill Gates and Steve Jobs.

        Here's a quote:

        So if you want to learn Linux, learn basic principles first - then find a release and experiment with it until you understand how that release implements them. After that? everything's easy.

        [End quote.]

        The user is a programmer.

        It's easy enough to see that not many people will be willing to make that kind of effort to use Linux.

        But look at the fact that you're content to make that demand. It's in line with the recommendation that computer users be licensed in order to keep out the (damaging) riff-raff.

        The computer industry exists because people who knew a great deal about computers decided to make it unnecessary for most/almost all other people to know much of anything at all.

        Aren't you thinking that you at least know better than others how they should use a computer? An elitist has a superior attitude not only about himself, but also about what should be required of other people. For their own good, of course.

        Murph, on this topic you're the person you complain about.
        Anton Philidor
        • No - my answer to a non techie

          is "get a mac".

          MCSE Mike claims to be a techie - and my answer is correct for anyone who wants a technical understanding of Unix.
          murph_z
          • And your answer to a techie...

            ... who wants to get a Linux distribution working is to learn the basic principles of Unix and try to figure out how they're being applied in a particular Linux distribution. You even warned that if he asked a simple question beginning, "How do I..." he'd be mocked.

            Ahm, Murph, do you think "If you have to ask how much it costs you can't afford it." sells the general population? And do you think that's an intrinsically humble question?

            Don't you think your response presupposes a supercilious elite, with you as a member in good standing?

            "... get a Mac." indeed.
            Anton Philidor
    • Put your own house in order...

      Windows is as guilty as Linux in some of the areas you highlighted.

      "First, is there any hope in an open source Linux world for the development of a "standard" that holds long enough for newcomers to adapt to it?"

      Many Linux and Internet RFCs have version numbers like 0.xxx or 1.xxx because they get settled quickly and stay settled for a long time. OTOH look at the problems people have moving from one version of Office to another, or from one MS-SQL version to another. There was the VBA/VB6/VB.net fiasco a few years ago....


      "Secondly, if not, and with the myriad of distro variations out there, how can accurate "how to" and "help" documentation ever be developed to assist and welcome newcomers?"

      Like this isn't a problem for MS? Let's do a little counting....
      Vista - 6 Versions + SP1 = 7
      XP - 2 versions + SP1 + SP2 + SP3 = 5
      Win2K, WinMe, Win98SE = 3

      So that's 15 versions of MS *desktop* software, now start adding in Windows CE, Windows Mobile, Windows Server and we're on our way to a couple of dozen.

      Although there are indeed lots of Linux versions, there are really very few used in volume. Most are *niche* and Redhat, SuSE, Ubuntu, Mandriva and PCLinuxOS are the "common" versions.


      "Thirdly, despite all of the hype about the wonderful help available on Linux discussion groups, your tart yet honest response is exactly the attitude I have encountered time and again."

      I spent yesterday looking at .net code and despite all of the hype about the wonderful help available at MS and MSDN, I found the help available to be rubbish, impenetrable and littered with implicit assumptions. Newsgroups / forums / etc were of little help to me because I lacked a background in .net development yet I needed to understand one small set of programs and their interactions.


      So, when you're moaning about Linux, let me assure you that the view of the MS world from this side of the fence is no more rosy than what you perceive looking in this direction.
      bportlock
      • MS does much of this for you

        Linux is, and probably will forever remain, a steeper and less intuitive learning (and thus adoption) curve for the computing masses. As long as that remains the case, it will remain a niche product, regardless of how good it is, or its potential is.

        For more on why this is, visit the response above yours [Anton's]. Not saying you're not aware of most of this, but it is what it is. When it comes to Joe and Jill PCer, the 'dumbing down' mode and Fisher price GUI beat the famed Linux Easter egg hunt any day.
        klumper
    • The best way to learn Russian

      is to live in Russia.
      fr0thy2