[Dshield] Where should you start - I'll wrap it myself

Ed Truitt ed.truitt at etee2k.net
Sun Mar 21 16:46:42 GMT 2004

Roger Gelder wrote:

>OK, most responses have been, reasonably so from the point of view of this being 'Dshield', concerned with the defensive approach. I was more interested in the offensive - rooting out the writers and distributors of the rubbish -difficult but not impossible. Only one of the replies seemed to feel that that was appropriate, which is surprising, given the damage.
>However, I would have thought that with all the tracing and tracking effort put in place by the many subscribers to this list, that some reporting of these activities would have been possible. Whether such efforts result in reports to those with the legal authority to bring criminal proceedings - and thus 'terminate with prejudice' - take away their PCs and heavily fine/jail or whatever, does not seem to be happening. The result is the continuance of damage.
>So, whenever I get a scam, attempted "Fill in your bank account details here" message , I DO report it to the cover name such as Ebay or my local bank, whose-ever name has been abused. I don't know enough about tracking and tracing to be competent in that field, so I am grateful for your efforts on my behalf. 
>    BUT, do you report the 'criminals' and end their activities, or, at least, make life difficult for them?
Yes, I do.  When I get one of the phishing emails, I forward it -- or at 
least attempt to -- to the organization being spoofed.  When I get 
emails purporting to offer illegal items for sale, I forward them to the 
local authorities.  Back in the days before the massive zombie-nets of 
spam engines, I would track down a spammer through the headers, and 
notify the ISP (or the upstream) responsible.  I have had some successes 
-- in one case, a web site was offering an upcoming "pay-per-view" of a 
small dog being fed to a large snake.  While others complained to the 
local PD and Humane Society, I took a different route -- I went to the 
site's upstream provider, and within an hour had confirmation that the 
pages had been taken down.  They couldn't advertise, thus there was no 
economic incentive for them to continue (plus, the local PD and Humane 
Society were watching them.)

Even now, I use the "fightback" feature of DShield to report attacks on 
my network.  When my own ISP got one of the reports, and asked why I 
didn't contact them directly, I had an opportunity to educate the ISP 
about DShield.  And, these days, that is probably the best thing you can 
do to make life difficult for the B at d D00dZ and their skiddie wannabes.  
People who KNOW not to open unknown and unsolicited email attachments, 
people who KNOW not to give out their credentials and other personal 
info on websites based on a phishing expedition, people who KNOW to keep 
their A/V products updated, people who KNOW to use a firewall if they 
have an always-on Internet connection, these people are more likely NOT 
to become victims.  I don't care if they are running Windows, Linux, 
*BSD, MacOS,or even CP/M - they will be less likely to engage in the 
extremely risky behavior that folks who are ignorant of the dangers 
appear to be so fond of.  So, my fight against the online baddies has 
changed with the times.  I still fight the good fight, I simply choose 
my battlegrounds differently, and fight where I feel I can make a 

As far as "terminating with extreme prejudice" goes, I'll leave that to 
Delta Force and the CIA.  If the rumors are in any way accurate, some of 
the folks behind the recent crops of malware are affiliated with 
organized crime in the former Soviet Union, and with a variety of 
national intelligence services and terrorist organizations -- and those 
are people I am NOT interested in challenging directly.

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

More information about the list mailing list