[Dshield] Where should you start - I'll wrap it myself
ed.truitt at etee2k.net
Sun Mar 21 16:46:42 GMT 2004
Roger Gelder wrote:
>OK, most responses have been, reasonably so from the point of view of this being 'Dshield', concerned with the defensive approach. I was more interested in the offensive - rooting out the writers and distributors of the rubbish - difficult but not impossible. Only one of the replies seemed to feel that that was appropriate, which is surprising, given the damage.
>However, I would have thought that with all the tracing and tracking effort put in place by the many subscribers to this list, that some reporting of these activities would have been possible. Whether such efforts result in reports to those with the legal authority to bring criminal proceedings - and thus 'terminate with prejudice' - take away their PCs and heavily fine/jail or whatever, does not seem to be happening. The result is the continuance of damage.
>So, whenever I get a scam, attempted "Fill in your bank account details here" message, I DO report it to the cover name such as eBay or my local bank, whosever name has been abused. I don't know enough about tracking and tracing to be competent in that field, so I am grateful for your efforts on my behalf.
> BUT, do you report the 'criminals' and end their activities, or, at least, make life difficult for them?
Yes, I do. When I get one of the phishing emails, I forward it -- or at
least attempt to -- to the organization being spoofed. When I get
emails purporting to offer illegal items for sale, I forward them to the
local authorities. Back in the days before the massive zombie-nets of
spam engines, I would track down a spammer through the headers, and
notify the ISP (or the upstream) responsible. I have had some successes
-- in one case, a web site was offering an upcoming "pay-per-view" of a
small dog being fed to a large snake. While others complained to the
local PD and Humane Society, I took a different route -- I went to the
site's upstream provider, and within an hour had confirmation that the
pages had been taken down. They couldn't advertise, thus there was no
economic incentive for them to continue (plus, the local PD and Humane
Society were watching them.)
Even now, I use the "fightback" feature of DShield to report attacks on
my network. When my own ISP got one of the reports, and asked why I
didn't contact them directly, I had an opportunity to educate the ISP
about DShield. And, these days, that is probably the best thing you can
do to make life difficult for the B@d D00dZ and their skiddie wannabes.
People who KNOW not to open unknown and unsolicited email attachments,
people who KNOW not to give out their credentials and other personal
info on websites based on a phishing expedition, people who KNOW to keep
their A/V products updated, people who KNOW to use a firewall if they
have an always-on Internet connection, these people are more likely NOT
to become victims. I don't care if they are running Windows, Linux,
*BSD, MacOS, or even CP/M - they will be less likely to engage in the
extremely risky behavior that folks who are ignorant of the dangers
appear to be so fond of. So, my fight against the online baddies has
changed with the times. I still fight the good fight, I simply choose
my battlegrounds differently, and fight where I feel I can make a
As far as "terminating with extreme prejudice" goes, I'll leave that to
Delta Force and the CIA. If the rumors are in any way accurate, some of
the folks behind the recent crops of malware are affiliated with
organized crime in the former Soviet Union, and with a variety of
national intelligence services and terrorist organizations -- and those
are people I am NOT interested in challenging directly.
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."