Sue your ISP for DoS attack (was Re: [linux-elitists] dealing with Swen)

Jay Sulzberger jays@panix.com
Thu Sep 25 16:35:46 PDT 2003



On Fri, 26 Sep 2003, Karsten M. Self wrote:

> on Thu, Sep 25, 2003 at 06:50:42PM -0400, Jay Sulzberger (jays@panix.com) wrote:
> >
> >
> > On Thu, 25 Sep 2003, Karsten M. Self wrote:
> >
> > > on Tue, Sep 23, 2003 at 07:13:26PM +0100, Geoff Lane (zzassgl@buffy.sighup.org.uk) wrote:
> > > >
> > > > As far as I can tell, in dealing with the Swen storm, the general
> > > > recommendation of the list is to just accept and /dev/null the worm emails
> > > > via .procmail or some other local filter.
> > > >
> > > > The reasons are
> > > >
> > > > 	* responding in any manner just multiples emails without any
> > > > 	corresponding reduction in the trash emails.
> > > >
> > > > 	* using the sendmail access.db (or equivalent in other MTAs) to 550
> > > > 	incoming Swen email is not helpful if your machine uses a peer mail
> > > > 	router as the down line machine will just generate a "cannot
> > > > 	deliver" message and direct it to the apparent sender (I'm guessing
> > > > 	that a store&forward model is used by the MTA in this instance.)
> > > >
> > > > Correct?
> > > >
> > > > Much as I hate to do it, if accepting and /dev/null'ing 200Mb of trash email
> > > > a day helps, that's what I'll do (I'm on a wires only, unmetered ASDL line
> > > > so it's not much of a hardship. But I really want to LART _somebody_.)
> > > >
> > > > (Time for a class action against Microsoft for supplying gratuitously
> > > > insecure operating systems and applications without a modicum of ring
> > > > fencing to prevent involuntary, antisocial behaviour when connected to a
> > > > network.)
> > >
> > > Yes.  Emphatically yes, but I'd like to make a second suggestion.
> > >
> > > However, since receiving *900* spams, Swen posts, and associated viral
> > > crud (this is what's in my Spam folder, I haven't analyzed the contents
> > > yet though eyeball says it's mostly Swen), between 0500 and 1530 today,
> > > more than a week after this crap started, and after I've *already*
> > > posted to my ISP a request that this crap be blocked.  That's 125 MiB of
> > > mail.  Dialup eamil is *dead*.  Not server based.  Dialup pop cannot
> > > handle this crap.
> > >
> > > I'm seriously considering suing my own ISP for a DoS attack.  They can
> > > pick this crap out and dump it.  Why don't they?
>
> > Do not sue.  Design, build, sell a better email system.
>
> Jay, I'm a firm believer in both carrot *and* stick.  The better systems
> exist.  They aren't being implemented.  ELNK specifically is chasing
> some very wrong ideas:  C-R.
>
> My current problem really *isn't* spam.  60 messages a day are
> tolerable.  Double that isn't significantly worse.  1000, 2000, or more
> messages daily, at hundreds of MiB, over dialup, is simply infeasible.
> A simple scan for content will eliminate this problem at the pass.
>
> That's what I'm looking for.
>
> Peace.
>
> --
> Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/

Which ISPs offer the service you want?

oo--JS.



More information about the linux-elitists mailing list