General discussion


DoS against spammers

By just_chilin ·
Is it ethical to launch a DoS against a spamming website such as those claimin to sell viagra and other drugs?
I keep getting endless amounts of email every other minute and I don't think it is fair.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by beads In reply to DoS against spammers

Its still considered fairly unethical to launch a DoS attack and probably wouldn't be very effective if its just yourself, hence a single 'D'. Now a Distributed (meaning many) Denial of Service attack might make a dent but the coordination could be very difficult. Legal? Yes. Ethical? No, absolutely, not.

Creating any sort of DoS/DDoS attack simply puts you at the same ethical level as the people your trying to hurt. Besides if you think your the first to try this you wouldn't be the first to attempt such an attack. A simple IPS will immediately recognize the attack for what it is and simply shun your packets causing little if any real distruption.

What you "could" do is to carefully identify the email server(s) and spam the crap out of them to see if they accept incomming email. Telnet sessions, et. al. also tie up more resources but I am not giving anyone the green light to do anysuch thing!

Heres a nice book for you to look up with some helpfull and legal ways to deal with such activity: Aggresive Network Self-Defense by Archibald, et. al. Syngress Press.

The ethical thing to do would be to simply blacklist the offender(s) from your firewall, email servers, IPS, IDS, etc. You can also change your email address fairly frequently and don't post your email address where the spiders are going to find it.

- beads

Collapse -


by Dr Dij In reply to Depends

people start doing alot of DoSing based on spam. Then if you ticked me off or your company did, or for any other reason I wanted to, I'd send out spam with fake return address to your company, advertizing your company in some obnoxious manner and wait for inet vigilantes to wrongly 'hang' your company in a DDos attack. So it is STUPID to do this, as just about any email can be faked.

Maybe you're playing pawn to a rival viag!ra website that wants to take its competitor down. Leave it to law enforcement to (maybe eventually?) do something. Seems we need a technical solution to some degree to prevent spam and prosecute those who spam.

I'm particularly PO'd at people suggesting vigilante action because they don't have the resources to verify that the email actually came from where the return address says it does, and it is trivial to fake return address (and even IP address).

I'm victim of spammers who use my domain name as it is short, to send out spam. I get a bunch of 'returned' emails, which to me constitute spam by themselves as I never emailed ANYTHING to the websites that are telling me the email was rejected for some reason. Even some 'expert' who sells and maintains a bad domain list put my domain on it for some idiotic reason (he'd seen some of the fake-spam).

Doesn't particulary matter to me as I don't send out email, simply use it for incoming email, but the idea that 1) someone would smear my domain, and 2) that someone else would be dumb enuf to not check that it was actually from my domain ticks me off!

And no, I don't have spyware, and my server has not been breached. The accounts that the spammers use at my domain are not even defined.

Collapse -

True dat! But

by just_chilin In reply to Suppose

in your opinion, we should just leave all spammers alone?

Collapse -

If you could

by Dr Dij In reply to True dat! But

really identify them... which would probably take lots of detective work and subpeonas to ISPs and much more since they'd be mostly zombies.

I got 150 'delivery failure notifications' last nite. not ONE of these was actually from me or my domain's email server.

I'd be rightfully ticked if you started ddosing me based on fake return addresses. my website doesn't even sell anything, just some pix and text.

Related Discussions

Related Forums