Headline FeedsE-Commerce Times Talkback
|
|
See Full Story
Small businesses that depend heavily on the Web and e-mail to market products are increasingly caught in a spam squeeze. Hackers and spammers hijack their PCs -- and then Internet providers wrongly shut down the victims' e-mail. When Tim Graf mistakenly opened an e-mail greeting card recently, it contained a virus that not only turned his PC into a spamming machine that spit out thousands of male-enhancement ads overnight but got him booted from America Online, his e-mail service.
Re: Spam Can Hurt in More Ways Than One
Posted by: minas-beede 2004-07-10 15:49:56 In reply to: Jon Swartz
The key is to be secure but to look to the spammers as though you are insecure. Then you don't get blacklisted, don't serve as a conduit for spam, do look like you are a conduit for spam. You trap the spam, you see if the spam came from what looks to be the spammer's IP address, you report the spammer if the ISP is half-way reputable.
For open relays that means be an open relay honeypot. For open proxies that means be an open proxy honeypot. For both there's no need for a system to be a SMTP server nor a proxy server. IT JUST NEEDS TO LOOK TO THE SPAMMERS LIKE IT IS ONE. It can be an old box with no other purpose at all, if it has an IP address (or is behind a personal firewall and has the appropriate packet types directed to it. If you don't run an SMTP server then you can send the port 25 packets to another system from the one you use.)
If you can do the same for spammer zombie abuse: do it. If you're an ISP, use traffic analysis to find the abused systems in your IP space and then trace the source of the abuse (you control the network, you can see the source of the packets to the abused IP without having any access to the system itself.)
Many times you can do this in a way such that the spammer doesn't even know what hit him. That means that once he again gains access to the net he may make the same mistake again and get hit again. Ignoring everything else, doesn't it sound like actual fun to be giving the spammers grief this way? Don't you want the net to be hostile to spammers? Start with your own connection: make abuse of it hurt. Attempted abuse, that is: you control the system, the abuse fails.
For open relays that means be an open relay honeypot. For open proxies that means be an open proxy honeypot. For both there's no need for a system to be a SMTP server nor a proxy server. IT JUST NEEDS TO LOOK TO THE SPAMMERS LIKE IT IS ONE. It can be an old box with no other purpose at all, if it has an IP address (or is behind a personal firewall and has the appropriate packet types directed to it. If you don't run an SMTP server then you can send the port 25 packets to another system from the one you use.)
If you can do the same for spammer zombie abuse: do it. If you're an ISP, use traffic analysis to find the abused systems in your IP space and then trace the source of the abuse (you control the network, you can see the source of the packets to the abused IP without having any access to the system itself.)
Many times you can do this in a way such that the spammer doesn't even know what hit him. That means that once he again gains access to the net he may make the same mistake again and get hit again. Ignoring everything else, doesn't it sound like actual fun to be giving the spammers grief this way? Don't you want the net to be hostile to spammers? Start with your own connection: make abuse of it hurt. Attempted abuse, that is: you control the system, the abuse fails.
