The fatal flaw in this logic is that, most spammers are using other peoples 0wn3d boxes and thus there is no cost to them. Other than perhaps not sending as much mail. So maybe they make a smaller profit, but when you have a zero cost business and everything is 99.94% pure profit, a smaller profit isn't a big deal. This probably won't work.
-----Original Message----- From: James Sissel
I heard about this from the register (www.theregister.co.uk) Monday and download the software. It's great. As of this morning over 90,000 users were hitting back at the spammers. The idea is to make it too costly for them to run their sites and they close up shop. I don't see how this will slow the web down in the long run. If we could just close one of them down the amount of spam that stops will more than offset the traffic caused by this effort.
This method looks like it is being accepted by the general public. I only hope that something positive comes about from it and not just more net slow-downs in the long run.
Spammers get taste of their own medicine http://news.ft.com/cms/s/cd592a7a-433e-11d9-bea1-00000e2511c8.html
Kclug mailing list [email protected] http://kclug.org/mailman/listinfo/kclug
On Wed, Dec 01, 2004 at 01:20:22PM -0600, Brian Densmore wrote:
The fatal flaw in this logic is that, most spammers are using other peoples 0wn3d boxes and thus there is no cost to them.
Of course, if the zombie computers attract too much attention from the ISP in terms of bandwidth or such, the zombies could be shutdown that way. Not nice, but effective.
I couldn't get to the initial article. That said, a solution like sa-exim's teergrubing isn't a bad idea either.
Jeremy
On Wed, 1 Dec 2004 13:40:25 -0600, Jeremy Turner [email protected] wrote:
Of course, if the zombie computers attract too much attention from the ISP in terms of bandwidth or such, the zombies could be shutdown that way. Not nice, but effective.
I couldn't get to the initial article. That said, a solution like sa-exim's teergrubing isn't a bad idea either.
Ich möchte Teergruben! The beautiful thing about it is that it doesn't shut anything down, b u t b y s l o w l y t h r o t t l i n g b a c k t h e s p e e d .... it ties up the resources of the spambot so it can't send out tons of email in a short amount of time, which is its entire purpose. The business model for spammers absolutely depends on sending out millions of emails to get a handful of hits. If we can just s l o w them down, it will affect them. If the infected machine gets noticed because it's no longer functioning, so much the better. (I shut down an open relay for a customer who had noticed the system was running slowly, so it can happen!)
But you aren't hitting the computers sending the spam. This is not a way to prevent you from getting spam. What you are hitting are the servers the spam wants you to visit to buy the latest male organ growth creme or whatever. If we shut them down then the spammers won't have a product to spam us with. We are attacking the ultimate source of the spam, not the spam itself.
The fatal flaw in this logic is that, most spammers are using other peoples 0wn3d boxes and thus there is no cost to them. Other than perhaps not sending as much mail. So maybe they make a smaller profit, but when you have a zero cost business and everything is 99.94% pure profit, a smaller profit isn't a big deal. This probably won't work.
I heard about this from the register (www.theregister.co.uk) Monday and download the software. It's great. As of this morning over 90,000 users were hitting back at the spammers. The idea is to make it too costly for them to run their sites and they close up shop. I don't see how this will slow the web down in the long run. If we could just close one of them down the amount of spam that stops will more than offset the traffic caused by this effort.
This method looks like it is being accepted by the general public. I only hope that something positive comes about from it and not just more net slow-downs in the long run.
Spammers get taste of their own medicine http://news.ft.com/cms/s/cd592a7a-433e-11d9-bea1-00000e2511c8.html
James Sissel wrote:
But you aren't hitting the computers sending the spam. This is not a way to prevent you from getting spam. What you are hitting are the servers the spam wants you to visit to buy the latest male organ growth creme or whatever. If we shut them down then the spammers won't have a product to spam us with. We are attacking the ultimate source of the spam, not the spam itself.
Couldn't this be used as a cheap way to DDoS someone? E.g. if I were upset with the incompetent inventory control at my local hardware store, could I send out a pile of spam linking to www.mylocalhardwarestore.com and watch as their web site slows to a crawl?
True, except the Lycos people are very careful and are using a database of well know spammers. Visit their website to get more information.
http://www.makelovenotspam.com
Couldn't this be used as a cheap way to DDoS someone? E.g. if I were upset with the incompetent inventory control at my local hardware store, could I send out a pile of spam linking to www.mylocalhardwarestore.com and watch as their web site slows to a crawl?
-
Brian Densmore -
Gerald Combs -
James Sissel -
Jeremy Turner -
Monty J. Harder