[ISN] Hackers exploit Korea to attack global systems

Mailman List Mirror (Read Only)
1

Hmm speaking of the Asian rim:

2

Some foreign servers block access attempts whose origins are traced to
Korea, implying that the country's leadership in the broadband
Internet business may be marred by its negligence in upgrading lame
security protection systems, the center said.

No kidding. Some of us have gotten so tired of spam from Korea, both
stuff relayed from the west and Korean-language spam promoting Korean
web sites, combined with the complete lack of response to all abuse
reports, that we've blocked all mail from Korean networks.

As an experiment, I set up an RBLish blocking list at
korea.services.net. It lists all the APNIC space assigned to Korea (I
think, APNIC's records are sloppy) along with any ARIN space assigned
to Korea that's come to my attention due to being spammed from it. It
blocks a lot of spam, with very little collateral damage for me since
despite having books in print in Korean in Korea, nobody ever writes
to me from there.

I've told people they can use it informally, and it now gets about 5
hits per second, up from 3 a few weeks ago. The blocking message
points at a web page explaining why I'm blocking mail, with an
unblocked address to write to me, so I get about one message a week
from Korean sysadms saying "I fixed my open relay, please unblock my
/32 now". I write back and say it's not just them, their entire ISP
is blocked due to unresponsiveness. I hope someday they'll clean up
their act enough to stop blocking them, but I'm not holding my breath.

Anyone's welcome to use it informally. There's no SOA and no zone
transfers since it's running rbldns, not bind, but you can check
dig 3.0.0.127.korea.services.net to see how it works.

3

It extends beyond spam. We run a fairly high-volume website for a client
that has a members area. We have seen nothing but continuous DOS and password
scanning attempts against the site(on the order of several thousand per
second) from numerous points across Korean IP space to the point that
we've begun blackholing all of it as soon as these attacks begin(several a
day.)

Scary stuff.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
                               Patrick Greenwell
         Asking the wrong questions is the leading cause of wrong answers
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/