
Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Netcraft is reporting some initial success by a controversial Lycos MakeLoveNotSpam screensaver, which attacks spammer sites. "A distributed denial of service (DDoS) attack launched by users of Lycos Europe's MakeLoveNotSpam.com screensaver has succeeded in crippling several spammer sites, but some of the targeted sites remain available. While Internet users debate the ethics of the initiative, Lycos Europe is denying reports that the MakeLoveNotSpam site was hacked and defaced last night. An intrusion by hackers would be a serious concern for an operation that controls an army of computers with DDoS capabilities. The site has been unreachable today, which could be related to traffic from Slashdot rather than a counterattack."

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 2, 2004 18:05 UTC (Thu) by JoeBuck (subscriber, #2330) [Link]

It's only a matter of time before the spammers send out spams telling people to, say, sign up for a cheap home mortgage at Lycos's site, so that Lycos' screen saver will attack Lycos. It's a war, and the bad guys will respond to every move with a counter-move.

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 2, 2004 18:07 UTC (Thu) by juzza (guest, #23020) [Link]

Internet World War 1.

Just what we need... *sigh*

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 2, 2004 18:36 UTC (Thu) by ncm (subscriber, #165) [Link]

The Netcraft report seems to confuse matters. In the original announcement, it was carefully noted that the purpose of the screen saver was not to knock out the sites, but to cost them more money (for bandwidth) than they could recoup from the, er, customers. It said clearly that they meant to throttle the activity so as not to make the target sites entirely inaccessible. Maybe they failed, in the cases Netcraft cites, or maybe they were successful and exceeded the sites' prepaid bandwidth caps. In the latter case, the owners would have declined to pay for more bandwidth, and thus might reasonably be said, by Lycos, to have taken their own sites down. (An ISP that bills a spammer site "net 30" deserves to be stiffed.)

I doubt that spammers can make the screen saver attack Lycos by straightforward means. However, it seems likely that a spammer's zombie network might end up hosting several thousand copies of the screen saver, which would then be subject to compromise and be made to attack other targets, and Lycos would be blamed. Or, the zombies might just be made to pretend to be running the screensaver, regardless of whether it has been loaded, and attack targets of the spammers' choice, with blame falling again on Lycos.

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 2, 2004 19:05 UTC (Thu) by dskoll (subscriber, #1630) [Link]

>Or, the zombies might just be made to pretend to be running the screensaver...

Or the spammers will install Web servers on the zombies to serve their content, giving them a vast distributed network of Web servers that is extremely robust against a DDoS attack.

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 2, 2004 19:14 UTC (Thu) by keithw (guest, #3127) [Link]

And thus avoid paying for their regular bandwidth as well... Lycos' screensaver ends up saving spammers money...

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 2, 2004 20:02 UTC (Thu) by ncm (subscriber, #165) [Link]

It would be fun to make some convenient zombie box that was also serving web pages enter fake orders. Lots and lots of fake orders. How long does it take for an unprotected SP1 to get "recruited"? Four minutes, now?

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 2, 2004 22:36 UTC (Thu) by NapalmLlama (guest, #26327) [Link]

Yeah, that's pretty much what I said earlier. It is the obvious step for spammers to take - take the partnership with virus writers that one stage further.
All wars have collateral damage, and the only difference with the internet's wars is that the damage is to innocent consumers' monthly bills.

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 2, 2004 22:57 UTC (Thu) by pflugstad (subscriber, #224) [Link]

I think they're doing this already. I recall reading on NANOG about spammers advertising sites that are "unkillable" or some such. Some NANOGers looked into it and essentially the spammers are using the zombies either as web servers or web proxies - DNS name for target gets updated on a minute by minute basis or some such (long list of alternate IPs for web site, each is a zombie). It was fairly sophisticated and would be quite difficult to stop.

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 3, 2004 21:48 UTC (Fri) by rmini (subscriber, #4991) [Link]

DNS DDOS, then.

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 9, 2004 13:19 UTC (Thu) by copsewood (subscriber, #199) [Link]

No. Not the way to do it. DNS enquiries are cached all over the world. To defeat a DDOS on a DNS server for a domain, all the spammer has to do is increase the TTL until the content server can handle the load.

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 9, 2004 13:26 UTC (Thu) by copsewood (subscriber, #199) [Link]

>It was fairly sophisticated and would be quite difficult to stop.

To stop it you would have to get the ISP handling the IP for the spammer's DNS server to pull that DNS server off the network, or get the ISP's upstream provider to block that IP address if the ISP takes too long to respond. If the spammer running this DNS server sent out responses to all enquiries prior to the DNS server being shut down with a long TTL, this would determine a window of opportunity for this crack to continue working. Does DNS have a maximum value for TTL on A records? The problem is then the cached copies of these records and how long it takes for these to be dropped by the DNS caches.
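An added example, not part of the original thread: a defender-side sketch that flags names whose A records rotate across many hosts with short TTLs (the pattern described in the NANOG comment above) and estimates how long cached answers can outlive a takedown of the authoritative server (the TTL window raised in this comment). The observation tuples, names, addresses and thresholds are all constructed assumptions, and caches are assumed to honour the TTL they were given.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (unix_time, name, A_record, ttl_seconds).
# Names and addresses are documentation placeholders, not real indicators.
OBSERVATIONS = [
    (0, "pills.example", "192.0.2.10", 60),
    (60, "pills.example", "198.51.100.7", 60),
    (120, "pills.example", "203.0.113.44", 60),
    (180, "pills.example", "192.0.2.99", 60),
    (240, "pills.example", "198.51.100.200", 60),
    (0, "shop.example", "192.0.2.1", 86400),
    (3600, "shop.example", "192.0.2.1", 86400),
]

def flag_rotating_names(observations, min_ips=4, min_nets=3, max_ttl=300):
    """Return names whose answers rotate across many hosts with short TTLs.

    The thresholds are illustrative assumptions, not tuned values.
    """
    ips, nets, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for _ts, name, ip, ttl in observations:
        ips[name].add(ip)
        nets[name].add(ip.rsplit(".", 1)[0])  # crude /24 grouping
        ttls[name].append(ttl)
    return sorted(
        name for name in ips
        if len(ips[name]) >= min_ips
        and len(nets[name]) >= min_nets
        and max(ttls[name]) <= max_ttl
    )

def cache_residual(observations, takedown_ts):
    """Seconds after takedown_ts until the last cached answer can expire."""
    expiry = defaultdict(int)
    for ts, name, _ip, ttl in observations:
        if ts <= takedown_ts:  # answers handed out before the server went away
            expiry[name] = max(expiry[name], ts + ttl)
    return {name: max(0, exp - takedown_ts) for name, exp in expiry.items()}

if __name__ == "__main__":
    print(flag_rotating_names(OBSERVATIONS))
    print(cache_residual(OBSERVATIONS, takedown_ts=4000))
```

In the sample data the rotating name has no cached answers left at the takedown time, while the long-TTL name stays resolvable from caches for most of a day.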

Updates

Posted Dec 2, 2004 20:07 UTC (Thu) by kasperd (guest, #11842) [Link]

Seems this story was outdated already when it was posted here on LWN. An update was available on Netcraft already by the time this story appeared. And the next update is also ready.

Spam Sites Crippled by Lycos Screensaver DDoS (Netcraft)

Posted Dec 2, 2004 22:25 UTC (Thu) by a_hippie (guest, #34) [Link]

"http://news.netcraft.com/archives/2004/12/02/lycos_screen..."

Being a cox.net customer, I have to confess that I despise being forced out from visiting the "makelovenotspam.com" website. I used ssh to connect to a friend's system on another network and was able to see the site using the links browser. Google is not caching the site.

I think there is something intrinsically wrong with cox's behavior. Worse, I now wonder how many other blackholes have been installed to protect me from the outside world?

Damn them.

Blocked routing to makelovenotspam.com

Posted Dec 3, 2004 3:41 UTC (Fri) by Duncan (guest, #6647) [Link]

From ph.ph.cox.net (phoenix), a tracepath shows that it's not Cox doing
the blocking as it gets out of the cox.net domain just fine, but rather
level3.net, one of the backbones, some of which are blocking it. It
switches from cox to bbnplanet to level3 all here in Phoenix, heads on
level3 to San Jose, and the last returning hop is the second one in San
Jose, so<number>.edge1.sanjose1.level3.net. No reply from anything beyond
that.

Anyway, it doesn't seem to be Cox, but level3, the backbone.

Duncan

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds