#This goes beyond spam and the resources that many mail servers are
#using. These attacks are being directed at anti-spam organizations
#today. Where will they point tomorrow? Many forms of breaking through
#network security require that a system be DOS'd while the crime is being
#committed. These machines won't quiet down after the blacklists are shut
#down. They will keep attacking hosts. For the US market, this is a
#national security issue. These systems will be exploited to cause havoc
#among networks of all types and sizes; governmental and commercial.

Note that not all DNSBLs are being effectively hit. DNSBLs which run with
publicly available zone files are too distributed to be easily taken down,
particularly if periodic deltas are distributed via cryptographically
signed Usenet messages (or other "push" channels). You can immunize DNSBLs
from attack, *provided* that you're willing to publicly distribute the
contents of those DNSBLs.

And when it comes to dealing with the sources of these attacks, we all
know that there are *some* networks where security simply isn't any sort of
priority. (For example, make it a practice to routinely see what ISPs
consistently show up highly ranked on incident summary sites such as
Maybe the folks running those networks are overworked and understaffed,
maybe they have legal constraints that limit what they can do, maybe their
management just don't care as long as they keep getting paid. Who knows?
Whatever the reason, no one is willing to depeer them or filter their
routes, so they really are free to do absolutely *nothing* about
vulnerable hosts or abusive customers.

There are absolutely *no* consequences to their security inactivity, and
because of that, none of us should be surprised that the problem is
becoming a worsening one.

Joe St Sauver (firstname.lastname@example.org)
University of Oregon Computing Center