[Dshield] Re: Australian spammers/hackers

Peter Feltham
Fri Mar 8 16:44:31 GMT 2002

At 09:16 08/03/2002 -0500, Malcom wrote:

- a very polite reply to my rant. Thanks.

>I can understand your frustration with countries, but I did not know
>that OZ was responsible for a lot of hacking and Spamming.  You might
>want to see if the "attacks" from wombat.com.au are not just the search
>engine exploring broken links or checking out old cache, it might just
>be a poorly written search engine.

If they were just spidering various sites, then fine, no problem with
that. But they are port-scanning us, Malcom, on weird ports ranging
from the usual scams to 30000 range stuff. And that is an attack in
my book.

They are not the brightest jewel in the box either, since they're blocked
on the firewall, and you'd think they'd detect that and give up. But no,
2000+ scans on average per day, around the clock. For months, now!


>   I get about 1000 port 80 scans to
>invalid addresses and have given up, I know my firewall will do its job,
>so I just treat all the port 80 stuff as background noise from the

Yeah, me too.

>I can also understand what you are saying about Hel$tra (aka Telstra).
>They give us ISPs downunder grief all day every day.
>The problem is not with Australia but big arrogant ISPs/Telcos world
>wide.  We see this everywhere, the small ISP replies to complaints and
>usually advise of the results but the big ones just thumb their noses at

Yup. And it's very true of many big ISPs in the USA, Europe (wandoo.fr,
tin.it spring to mind). And the big Tier-1 providers who provide hot bandwidth
for the porno and scam merchants too - none of those are at all bothered
by the vast amounts of complaints they receive.

>Do not think that we "down under" are a spam or hacker haven, we have
>heavy laws for computer crimes and will soon have laws against spam.  We
>see A LOT of SPAM from the likes of SWBELL,XO, ATT and Alter.net, but we
>cannot ban them because they are big and would cause us a lot of
>complaints from users who cannot access their networks.

Agreed, Malcom.

My policy is to ban those big networks as a protest every now and then.
Then I ask our customers who complain to me to complain to them
instead. And eventually, lift the blocks.

It does not do anything other than make me feel better, I'd admit. But
it's still good to make a protest. ;-)

One interesting datum for you: I've been working on my Auto-Whiner
System, and it's finding more bad guyz in China and Taiwan etc than
elsewhere, as we might expect. But quite a few Oz addresses too
amongst the would-be exploiters.

The point about that system is that I set up a server on the DMZ that
is *not* running any mail-protocols - and it is getting hits from everywhere
from people trying to relay, plus the usual port-scan attempts.

This simple action has yielded a lot of data to me: any attempt to
hit that server is, by definition, an exploit of some kind since it
does not run any legitimately accessed services. And that, it turns
out, is quite a useful thing to do!

>We have tried to shed some light on the way ISPs handle security and I
>have been to many security forums, but it is always the big guys that
>never want to be proactive.
>They believe that it is up to the user to protect their systems, but
>when it is brought up that a hacker can do as they please they deny they
>have any on their network.
>We as an ISP run tripwire type services on all servers and run full
>firewalls on all networks.  We also scan for viruses and block spam, but
>we are only one of a few ISPs in Oz or the rest of the world that do
>this type of thing.

Good for you!! I shall recommend your services to people that ask us
in that case!

Our own ISP relay-checks all their customer mail-servers once/day
bless them. Some other customers whined about this (go figure!)
but I sent their top geek a congratulatory email to thank them for
taking the trouble. I wish more were like them, and yourself, Malcom.

>It is not a local problem but a world wide internet problem.

Agreed. (nodding vigorously)

>I do not really care if you block the whole of oceania, but your/my
>clients might, but I have no control over the way you run your

Thanks for the comments, Malcolm. They are well taken.

I do not block all of Oz because we have customers and friends who
need to communicate with us and other people. But there are some
vipers' nests down there and it's good to hear that legislation will
be passed to make chasing them off that much easier and more
effective in future.

The thing that pisses me off the most about all the spammers and
hackers is that they have succeeded in a few short years in doing
a lot of damage to the trust relationships that we built up on the
[old] Internet over the preceding years.

And it's starting to cause a backlash now: some customers are
now saying things like "it's not worth it any more"...

As someone involved with the Internet for a long time, it really
saddens me to see these people hurting such a wonderful
set of resources like this.

Take care

Peter Feltham

Tel: +44 208 357 7355           Fax: +44 7050 697 405
                         Private  Fax: +44 7050 694 038
A member of Rheingold Associates
Join the Brainstorms Anthrax Research team by visiting:


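The decoy-server idea described in the message above (a DMZ host that runs no legitimate services, so every connection to it is unsolicited) can be turned into a simple log triage. This is an added example, not part of the original post and not the author's Auto-Whiner System; the decoy address, the log format, the labels and the threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

DECOY_IP = "192.0.2.10"   # assumed decoy address (documentation range)
SMTP_PORT = 25            # the decoy runs no mail service, so any hit here is a probe
SCAN_THRESHOLD = 3        # assumed: this many distinct ports from one source = scan

# Constructed sample firewall log lines (simplified iptables-style format).
SAMPLE_LOG = """\
Mar  8 10:00:01 fw kernel: IN=eth1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40111 DPT=25
Mar  8 10:00:09 fw kernel: IN=eth1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=25
Mar  8 10:01:30 fw kernel: IN=eth1 SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=21
Mar  8 10:01:31 fw kernel: IN=eth1 SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=80
Mar  8 10:01:32 fw kernel: IN=eth1 SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=31337
Mar  8 10:01:33 fw kernel: IN=eth1 SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=51003 DPT=30100
Mar  8 10:02:00 fw kernel: IN=eth1 SRC=203.0.113.9 DST=192.0.2.20 PROTO=TCP SPT=33000 DPT=80
Mar  8 10:03:00 fw kernel: IN=eth1 SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=44000 DPT=80
"""

LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?DPT=(?P<dport>\d+)")


def decoy_hits(log_text, decoy_ip=DECOY_IP):
    """Map each source address to the list of decoy ports it touched."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["dst"] == decoy_ip:   # traffic to real hosts is ignored
            hits[m["src"]].append(int(m["dport"]))
    return dict(hits)


def classify(ports):
    """Label a source by what it tried against the decoy."""
    labels = set()
    if SMTP_PORT in ports:
        labels.add("mail-probe")
    if len(set(ports)) >= SCAN_THRESHOLD:
        labels.add("port-scan")
    return sorted(labels) or ["unsolicited"]


def report(log_text):
    """Per-source summary: hit count, distinct ports, labels."""
    return {
        src: {"hits": len(p), "ports": sorted(set(p)), "labels": classify(p)}
        for src, p in decoy_hits(log_text).items()
    }


if __name__ == "__main__":
    for src, info in sorted(report(SAMPLE_LOG).items()):
        print(src, info)
```
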