[Dshield] Cut Off China

Thomas.Deimel@gastechnology.org Thomas.Deimel at gastechnology.org
Mon Jun 27 16:14:35 GMT 2005

Good move, .ca is Canada not China!

Thomas J. Deimel

Kenneth Coney <superc at visuallink.com>
Sent by: list-bounces at list
06/27/2005 11:07
To: list at lists.dshield.org
cc:
Re: [Dshield] Cut Off China
Please respond to General DShield Discussion List <list at lists.dshie

Er, actually I added large ranges of the .ca world to my blocked list
some time ago.  I suspect Adrien's complaint is also being voiced by
spam recipients in China or Brazil or Korea.  If we all don't block, and
we don't report, it makes perfect business sense for spam to originate
from another country.  A complainant quickly learns there is very little
LE or the courts in their own country can do about spam originating from
across a border.  However, when the spam originates from within one's
own country the courts and the law often provide recourse.  Here in VA,
a state within the US, sending spam is an actual crime (as in jail time)
and senders can also be sued for theft of computer time, lost hours,
etc. so I am not in the least surprised that since those laws were
passed I receive little spam originating within VA.  When spam
originates in other states within the US the law still provides some
recourse once the originators are identified and many IPs cooperate
readily lest they be caught up in any legal issues (i.e., co-
conspirator, etc.) resulting from their failure to do so. What little
spam I do get from within the US seems, when I take the hours to track
down the originators, to be an infected PC responding to commands from
elsewhere, or a fly-by-night setup with bogus or no info in the ARIN
lists.  [ARIN, RIPE, CRISNIC, etc. seem to be very slow to update and at
least twice I have talked to company owners who advised that they
haven't had the IP ranges being attributed to them by ARIN for some time
(company dissolved, and similar situations).  I won't even discuss APNIC
or the others reassigning blocks and not publishing it for months.]
However, when the spam comes from a site in .kr or .de blocking the IP
ranges becomes the only practical action for a US user.  Someone in
Korea or Canada or Brazil may very well find it in their best interests
to block communications from the US if that is the source of their spam
or hostile probes.

That doesn't mean you shouldn't share the info.  Non-recipients may not
have the legal standing to sue an alleged spammer, or hostile prober but
that doesn't mean the IPs would not be very interested to learn of a
specific spamming or acting maliciously IPN sitting within their range
of IPNs.  The "fight back" concept and all that.

Re: [Dshield] Cut Off China
Adrien de Beaupre <adriendb at whitehats.ca>
Sun, 26 Jun 2005 17:27:54 -0400

General DShield Discussion List <list at lists.dshield.org>

>> Greetings:
>> This is going to get lengthy, but I hope you'll bear with me because it
>> explain to the "seasoned pro's" how the "newbie" (like me) mind works. I
>> totally agree with jayjwa and Ken Coney concerning the blocking of junk
>> traffic from China, and other Countries that don't play by the rules. In
>> - I'd go so far as to block ALL traffic from these Countries. I'll
>> but first - a little about myself so you know where I'm coming from.

Hmm, if we applied that logic, traffic from the US would be cut off
from entering Canada. The two countries who target Canadian IPs
on a regular basis are China and the US.


In fact, all spam does not trace back to China, nor any other
country. Spam traces back to, you guessed it, the US of A.
That is where the targeted demographic is, and that is where
the money trail traces back to. Follow the money a little further
Mike, it doesn't end up where you think.

I am not arguing for, or against blocking all traffic from
any country, far from it. Your logic does not seem to bear
up under scrutiny.


