General discussion

  • Creator
    Topic
  • #2179097

    DoS against spammers

    Locked

    by just_chilin ·

    Is it ethical to launch a DoS against a spamming website such as those claimin to sell viagra and other drugs?
    I keep getting endless amounts of email every other minute and I don’t think it is fair.

All Comments

  • Author
    Replies
    • #3137148

      Depends

      by beads ·

      In reply to DoS against spammers

      Its still considered fairly unethical to launch a DoS attack and probably wouldn’t be very effective if its just yourself, hence a single ‘D’. Now a Distributed (meaning many) Denial of Service attack might make a dent but the coordination could be very difficult. Legal? Yes. Ethical? No, absolutely, not.

      Creating any sort of DoS/DDoS attack simply puts you at the same ethical level as the people your trying to hurt. Besides if you think your the first to try this you wouldn’t be the first to attempt such an attack. A simple IPS will immediately recognize the attack for what it is and simply shun your packets causing little if any real distruption.

      What you “could” do is to carefully identify the email server(s) and spam the crap out of them to see if they accept incomming email. Telnet sessions, et. al. also tie up more resources but I am not giving anyone the green light to do anysuch thing!

      Heres a nice book for you to look up with some helpfull and legal ways to deal with such activity: Aggresive Network Self-Defense by Archibald, et. al. Syngress Press.

      The ethical thing to do would be to simply blacklist the offender(s) from your firewall, email servers, IPS, IDS, etc. You can also change your email address fairly frequently and don’t post your email address where the spiders are going to find it.

      – beads

      • #3137088

        Suppose

        by dr dij ·

        In reply to Depends

        people start doing alot of DoSing based on spam. Then if you ticked me off or your company did, or for any other reason I wanted to, I’d send out spam with fake return address to your company, advertizing your company in some obnoxious manner and wait for inet vigilantes to wrongly ‘hang’ your company in a DDos attack. So it is STUPID to do this, as just about any email can be faked.

        Maybe you’re playing pawn to a rival viag!ra website that wants to take its competitor down. Leave it to law enforcement to (maybe eventually?) do something. Seems we need a technical solution to some degree to prevent spam and prosecute those who spam.

        I’m particularly PO’d at people suggesting vigilante action because they don’t have the resources to verify that the email actually came from where the return address says it does, and it is trivial to fake return address (and even IP address).

        I’m victim of spammers who use my domain name as it is short, to send out spam. I get a bunch of ‘returned’ emails, which to me constitute spam by themselves as I never emailed ANYTHING to the websites that are telling me the email was rejected for some reason. Even some ‘expert’ who sells and maintains a bad domain list put my domain on it for some idiotic reason (he’d seen some of the fake-spam).

        Doesn’t particulary matter to me as I don’t send out email, simply use it for incoming email, but the idea that 1) someone would smear my domain, and 2) that someone else would be dumb enuf to not check that it was actually from my domain ticks me off!

        And no, I don’t have spyware, and my server has not been breached. The accounts that the spammers use at my domain are not even defined.

        • #3137067

          True dat! But

          by just_chilin ·

          In reply to Suppose

          in your opinion, we should just leave all spammers alone?

        • #3131377

          If you could

          by dr dij ·

          In reply to True dat! But

          really identify them… which would probably take lots of detective work and subpeonas to ISPs and much more since they’d be mostly zombies.

          I got 150 ‘delivery failure notifications’ last nite. not ONE of these was actually from me or my domain’s email server.

          I’d be rightfully ticked if you started ddosing me based on fake return addresses. my website doesn’t even sell anything, just some pix and text.

Viewing 0 reply threads