[IP] more on "Rumplestiltskin worm" on the loose?
Begin forwarded message:
From: Rich Kulawiec <rsk@xxxxxxx>
Date: May 11, 2005 2:51:26 PM EDT
To: Brett Glass <brett@xxxxxxxxxx>
Cc: David Farber <dave@xxxxxxxxxx>
Subject: Re: [IP] "Rumplestiltskin worm" on the loose?
What is a "Rumplestiltskin attack?" As described in a paper I wrote
several years ago (where I coined the term for lack of a better
existing
one), it is an e-mail address harvesting attack in which a machine
attempts to send e-mail messages to randomly guessed addresses at
a domain.
Yep, this is a well-known problem within the anti-spam community.
Has been for years.
And blocking port 25 _bidirectionally_ is a recommended best practice
for all consumer ISPs -- well over 90% of the spam/spam attempts logged
here come from the estimated 100M zombies out there which are now
participating in an ongoing global DoS attack via massive spamming.
However, most ISPs refuse to do this. Comcast, for example, has refused
on the grounds that it would cost them too much money. It seems that
they are fully aware of the damage their network is doing to others,
they simply don't wish to do anything about it. And they're far
from alone.
This is one of the _many_ reasons why consumer broadband ISPs are
major spammers. (Note: if it comes from YOUR network: it's YOUR spam.
No excuses.) Oh, they make noises about stopping spam -- but that's
all.
They have completely failed to do what's required of any competent
network
operator -- that is, to disconnect abuse-emitting systems IMMEDIATELY
and keep them that way until repaired and adequately secured against
repeat incidents.
---Rsk
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/