MemeStreams | MemeStreams Discussion

Create an Account

This page contains all of the posts and discussion on MemeStreams referencing the following web page: IBM set to use spam to attack spammers. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

IBM set to use spam to attack spammers
by Acidus at 10:25 am EST, Mar 22, 2005

] The paper reports that, using that database, e-mails
] coming from a computer on the spam list are sent directly
] back to the computer, not just the e-mail account, that
] sent them.
]
] "We're doing it to shut this guy down," Stuart McIrvine,
] IBM's director of corporate security strategy, told the
] paper. "Every time he tries to send, he gets slammed
] again."
]
] This anti-spam offering is IBM's first major foray into
] the anti-spam market. Its executives argue that trying to
] capture spam with filters or discard it as quickly as
] possible isn't enough.

... ... But thats exactly what you are doing! You have to ID the email as Spam. Sure you have a Database with IPs or Razor hashes or whatever. But you still have to evaluate the Spam. Once you ID it, how is it faster to send back a message to DoS them than simply discard it. Assuming you even can knock the spammer off with this tactic.

] IBM will have to be careful not to violate anti-hacking
] laws, which prohibit gaining unauthorized entry to a
] remote computer system, even in order to stop it from
] harming yours, according to the paper. But IBM executives
] said their service will not violate that law, nor other
] prohibitions on increasing network traffic under "denial
] of service" rules.
]
] "Yes, we are adding more traffic to the network, but it
] is in an effort to cut down the longer-term traffic,"
] said McIrvine.

... ... This is retarded. First off all I cannot see how this will not violate DoS laws. You are generating traffic for the sole purpose of degrading or denying some target network access. You also assume that this traffic will knock the Spammer offline.

While the article is not clear on how they are DoSing the spammer, most spammers don't have anything running on their host to DoS! He will not have an SMTP server listening for you to half-open TCP to death. Unless they are PING/Smurf/Bouce attacking him, (All layer 3 or 4 attacks) nothing is going to happen. Chances are good the spammer has an asymmetric connection. At worst you will flood his downside pipe. IPTables that only accepts any traffic from the open proxies/zombies the spammer is using would pretty much defeat this.

Am I missing something here or does this not make any sense?

RE: IBM set to use spam to attack spammers
by Decius at 11:31 am EST, Mar 22, 2005

Acidus wrote:
] Am I missing something here or does this not make any sense?

I agree. Its illegal, and it would work much better if they just reflected email to everyone instead of bothered to ID spammers. Mailing lists can request an administrative exception.

Its hard not to sympathize with this kind of stuff though. The government will not get serious about this problem, so people take it into their own hands...