Sue your ISP for DoS attack (was Re: [linux-elitists] dealing with Swen)

Karsten M. Self kmself@ix.netcom.com
Thu Sep 25 16:13:49 PDT 2003


on Thu, Sep 25, 2003 at 06:50:42PM -0400, Jay Sulzberger (jays@panix.com) wrote:
> 
> 
> On Thu, 25 Sep 2003, Karsten M. Self wrote:
> 
> > on Tue, Sep 23, 2003 at 07:13:26PM +0100, Geoff Lane (zzassgl@buffy.sighup.org.uk) wrote:
> > >
> > > As far as I can tell, in dealing with the Swen storm, the general
> > > recommendation of the list is to just accept and /dev/null the worm emails
> > > via .procmail or some other local filter.
> > >
> > > The reasons are
> > >
> > > 	* responding in any manner just multiples emails without any
> > > 	corresponding reduction in the trash emails.
> > >
> > > 	* using the sendmail access.db (or equivalent in other MTAs) to 550
> > > 	incoming Swen email is not helpful if your machine uses a peer mail
> > > 	router as the down line machine will just generate a "cannot
> > > 	deliver" message and direct it to the apparent sender (I'm guessing
> > > 	that a store&forward model is used by the MTA in this instance.)
> > >
> > > Correct?
> > >
> > > Much as I hate to do it, if accepting and /dev/null'ing 200Mb of trash email
> > > a day helps, that's what I'll do (I'm on a wires only, unmetered ASDL line
> > > so it's not much of a hardship. But I really want to LART _somebody_.)
> > >
> > > (Time for a class action against Microsoft for supplying gratuitously
> > > insecure operating systems and applications without a modicum of ring
> > > fencing to prevent involuntary, antisocial behaviour when connected to a
> > > network.)
> >
> > Yes.  Emphatically yes, but I'd like to make a second suggestion.
> >
> > However, since receiving *900* spams, Swen posts, and associated viral
> > crud (this is what's in my Spam folder, I haven't analyzed the contents
> > yet though eyeball says it's mostly Swen), between 0500 and 1530 today,
> > more than a week after this crap started, and after I've *already*
> > posted to my ISP a request that this crap be blocked.  That's 125 MiB of
> > mail.  Dialup eamil is *dead*.  Not server based.  Dialup pop cannot
> > handle this crap.
> >
> > I'm seriously considering suing my own ISP for a DoS attack.  They can
> > pick this crap out and dump it.  Why don't they?

> Do not sue.  Design, build, sell a better email system.

Jay, I'm a firm believer in both carrot *and* stick.  The better systems
exist.  They aren't being implemented.  ELNK specifically is chasing
some very wrong ideas:  C-R.

My current problem really *isn't* spam.  60 messages a day are
tolerable.  Double that isn't significantly worse.  1000, 2000, or more
messages daily, at hundreds of MiB, over dialup, is simply infeasible.
A simple scan for content will eliminate this problem at the pass.

That's what I'm looking for.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Reading is a right, not a feature
     -- Kathryn Myronuk                           http://www.freesklyarov.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20030926/2de4722e/attachment.pgp 


More information about the linux-elitists mailing list