] The paper reports that, using that database, e-mails
] coming from a computer on the spam list are sent directly
] back to the computer, not just the e-mail account, that
] sent them.
]
] "We're doing it to shut this guy down," Stuart McIrvine,
] IBM's director of corporate security strategy, told the
] paper. "Every time he tries to send, he gets slammed
] again."
]
] This anti-spam offering is IBM's first major foray into
] the anti-spam market. Its executives argue that trying to
] capture spam with filters or discard it as quickly as
] possible isn't enough.

... ...

But that's exactly what you are doing! You have to ID the email as Spam. Sure you have a Database with IPs or Razor hashes or whatever. But you still have to evaluate the Spam. Once you ID it, how is it faster to send back a message to DoS them than simply discard it? Assuming you even can knock the spammer off with this tactic.

] IBM will have to be careful not to violate anti-hacking
] laws, which prohibit gaining unauthorized entry to a
] remote computer system, even in order to stop it from
] harming yours, according to the paper. But IBM executives
] said their service will not violate that law, nor other
] prohibitions on increasing network traffic under "denial
] of service" rules.
]
] "Yes, we are adding more traffic to the network, but it
] is in an effort to cut down the longer-term traffic,"
] said McIrvine.

... ...

This is retarded. First of all I cannot see how this will not violate DoS laws. You are generating traffic for the sole purpose of degrading or denying some target network access.

You also assume that this traffic will knock the Spammer offline. While the article is not clear on how they are DoSing the spammer, most spammers don't have anything running on their host to DoS! He will not have an SMTP server listening for you to half-open TCP to death. Unless they are PING/Smurf/Bounce attacking him, (All layer 3 or 4 attacks) nothing is going to happen.

Chances are good the spammer has an asymmetric connection. At worst you will flood his downside pipe. IPTables that only accepts any traffic from the open proxies/zombies the spammer is using would pretty much defeat this.

Am I missing something here or does this not make any sense?