[Dshield] Re: Dshield digest, Vol 1 #493 - 16 msgs

Peter Feltham peter at intelligentorgs.com
Tue Mar 5 15:53:21 GMT 2002

At 09:22 05/03/2002 -0500, Dave Brookshire made my day and wrote:

>Message: 10
>From: dsb at rlx.com
>To: list at dshield.org
>Subject: RE: [Dshield] Kornet.Net
>Date: Tue, 5 Mar 2002 02:15:14 -0600
>Reply-To: list at dshield.org
>Funny that you should ask--here's a link to a story posted this evening on
>slashdot about a group of Chinese legislators feeling the pressure.
>Understand that these are not the results of the pressure placed upon that
>region by DShield alone, but also by a number of varied groups, most noted
>(in the article) being SPAM blackholes.


>"A group of Chinese legislators is calling for the blocks to be lifted
>because they're making it difficult for them to communicate via e-mail, and
>a signed article in The People's Daily is calling on China to ban spam."
>When you think about it, that's pretty fantastic.
>Now let the reality sink in for a moment, and understand that this story, or
>the petition signed by Chinese lawmakers, etc... doesn't mean squat.  Are we
>guaranteed that this will solve the problem--no, obviously not.  However it
>is simply a very visible reaction to the pressures being brought to bear on
>these entire regions, and, if nothing else, makes me inclined to think that
>we may be doing something right, or at least, on the right track.

Absolutely! This is great - thanks for sending that URL, Dave.

However, until they tell the Taiwanese, Chinese, Filipino, Japanese, and
the South Americans etc etc (insert your own list) to sort out their servers
and make them more secure - not to mention stop port-scanning the
entire Net for Trojan backdoors to exploit - then they will remain blocked,
both on the firewall and on the mail-servers.

Here, for example, is a grinning script-kiddie off Hinet, trying to punch 
into the BrownOrifice Trojan ports:

02/05/02  09:45:08 n deny   in   eth0    44        tcp     20        48 x.y.143.2    25        8787      syn ack (blocked
02/05/02  09:45:11 n deny   in   eth0    40        tcp     20        48 x.y.143.2    25        8787      ack (blocked
02/05/02  09:45:17 n deny   in   eth0    44        tcp     20        48 x.y.143.2    25        8787      syn ack (blocked
02/05/02  09:45:17 n deny   in   eth0    69        tcp     20        48 x.y.143.2    25        8787      psh ack (blocked
02/05/02  09:45:20 n deny   in   eth0    69        tcp     20        48 x.y.143.2    25        8787      psh ack (blocked

One result of which is that I block all addresses of Hinet, Kornet, and 
many others as policy.

They can whine all they want, but if more of us just blacked them out we 
may just - in the end - make the point that to be present on the Internet 
is both a right and a responsibility. They need to raise their game to the 
point where they are treated with respect rather than hatred, and it's as 
simple as that.

The amount of spam relayed through their networks has caused harm to their 
country's reputation, as I tried to point out to an Ambassador recently, 
but was prevented from doing so by his staff. I guess the Ambassador only 
does professional smiling, and is never exposed to real-world problems? 
Fine: blacklisted.

However they do have one point: a lot of spam is relayed through their 
servers because they are wide-open to relay by spammers in *other* 
countries - including the USA as well as many others.

However this lack of Clue is precisely *why* their addresses are being 

It's good news: let's up the pressure more and more until they realise the 
harm being done to themselves by their lack of action to any complaints.

And don't get me started about APNIC, KRNIC, and all that load of organ 
grinders. Now the Australians have got jealous and want their own one, 
called AUNIC. Only, just like all the other Asian/Pacific NICs it's worse 
than useless and staffed by people whose sole job is to pass the buck and 
to avoid taking responsibility for their own actions and inactions. You
know: kerwans. That whole region is a disaster area, Internet-wise.



Peter Feltham, CEO of Intelligent Organisations.

Tel: +44 208 357 7355           Fax: +44 7050 697 405
                         Private  Fax: +44 7050 694 038
A member of Rheingold Associates

