[Dshield] Cut Off China

jayjwa jayjwa at atr2.ath.cx
Wed Jun 29 02:44:16 GMT 2005


On Mon, 27 Jun 2005, David Cary Hart wrote:

-> > 	 it is definetly targeted at the US and is spewed from hacked
-> > boxes on Comcast, Adelphia, Roadrunner and the like but it seems to have
-> > originated from  other countries.

-> It should be noted that most of those "hacked" boxes are in dynamic
-> space which provides another means of blocking.

I've got to disagree here: why bother to hack a box, setup a spam front 
to start off whatever operation they have in mind, only to have said box 
go offline 20 minutes later because grandma shutdown her PPP connection 
after she read her email and the whole thing's now gone to waste? It 
doesn't make sense to throw away 'hard work' or effort, even to a 
spammer/scammer.

Dynamic != Bad Guy. If anything, it's more of a pain that some of us 
unfortunately have to put up with given our situations, but that is 
another story. As far as blocking based solely on one's connection status 
to the Internet, I think that that would have to be considered even more 
prejudice than banning an entire country like China, as dynamic users tend 
to be home users or those without the money to purchase expensive, 
high-speed static lines.

Interestingly, of all the spam & email frauds that I've dealt with over 
this past week, all of it was from either static DSL lines, or the ISP's 
designated outbound mailserver on what appeared to be Unix machines. The 
opertunity for the email scams (such as eBay/PayPal) appeared to come from 
seriously outdated, known-vulnerable services. None of it was dynamic.

-- 
Confidentiality Notice: This email may contain confidential
and privileged information. If in the event that it does,
please send it back to me with a reply telling me how
stupid I am for sending confidential info to a public forum.


More information about the list mailing list