[ale] sometimes whining helps

drifter drifter at oppositelock.org
Mon Feb 15 11:33:45 EST 2010


Pretty much.  I used the whois database to identify the numeric
address through which the phishing attack traveled. Then I asked politely
(no profanity) for them to stop the phishing and included the
entire email, including headers, and the, almost certainly, infected
zip file. Admins at saix.net obviously were able to decipher the
headers and locate the offending sub domain and the individual computer.

I fully understand the downside is a potential attack on my own
computer.

But what if, just to be supposin', ISPs were flooded with demands from
tens of thousands of Joe Computer Users to choke off the spam? Every
Day?

Right now the spam and phishing attacks pass through ISPs because it is
easier to pass it through than try to choke it off. I ruminate on this while
understanding the difficulties involved -- at least some of them. :) I really
dislike Earthlink's methodology for dealing with spam -- reject all mail 
from all addresses except those on a white list.  When an Earthlink user
writes me and asks for help and my email response bounces back because
my address isn't "approved," I just delete the response. But I certainly do
not have a better solution. I wish I did.

I suspect, without ANY direct knowledge, that most of the spam and phishing 
attacks I receive daily come from botnets.  Is it possible for ISPs to
identify the upload pattern of infected computers and choke them off
before the spam can get out the door? The "Fuzzy Logic" used by my credit
card companies to detect suspicious behavior works fairly well. Would
something similar work to detect suspicious email behavior? I don't know.

I do know that millions of computer users are not knowledgeable or
suspicious enough to detect some of the well-crafted phishing attacks cast
upon the Internet daily. That means that hundreds, if not thousands, of
computers are being added to botnets daily.  It's a frightening thought.

Sean



On Monday 15 February 2010 10:40:25 Jim Popovitch wrote:
> On Mon, Feb 15, 2010 at 10:38, Jim Popovitch <jimpop at gmail.com> wrote:
> > On Mon, Feb 15, 2010 at 09:22, drifter <drifter at oppositelock.org> wrote:
> >> Last week I bitched to saix.net that I was tired of the spam
> >> coming from one of their servers. I also suggested to my ISP
> >> that perhaps they might cut off the entire domain.
> >> I'm not certain which whiney letter did the trick, but I actually
> >> got a response back from saix.net that identified the spamming
> >> user. It will be interesting to see if telkomsa (the sub domain
> >> providing service to the offending computer) actually reports
> >> back to me on what they have done to deal with the spam.
> >
> > Speakeasy is no more likely to block all of South Africa than Comcast
> > would be inclined to block all of Europe.    It doesn't work like
> > that. ;-)
> 
> Just for clarity, when you say "bitched" do you mean follow the
> instructions on this page:
>           http://www.saix.net/cgi-bin/saix_contacts.pl
> 
> -Jim P.
> 