[LINK] The DDoS That Almost Broke the Internet

stephen at melbpc.org.au stephen at melbpc.org.au
Fri Mar 29 02:19:47 AEDT 2013


Spamhaus certainly seems to fight the good fight ..

> Indeed, the combatants in question have been battling it out online:
> a conflict between Spamhaus, a Dutch group that tracks spammers and
> Cyberbunker, a Dutch hosting company accused of housing them. That's
> really happening: as far as we can tell, botnets acting on behalf of
> (or, run by) Cyberbunker have been trying to crash Spamhaus for days
> with a strong stream of overload junk data.

No wonder Cyberbunker ISP (a serious botnet host) wants them silenced: 
 
For eg:  http://www.spamhaus.org/rokso

The "ROKSO Register" of baddies personally names the perps of 118 spam
operations, as of 03/28/2013. They list just one Aussie: a Nikhil Kuma
Pragji (aka Dark-Mailer), Country: Australia, State: Queensland namely:
"Through the Dark-Mailer Windows based proxy-botnet based spamware this
spammer is responsible for, and behind, a large portion of the world's
illegally sent spam. All this out of Australia, a nation that has made
almost everything Nikhil Kumar Pragji does illegal under law .. "


The ROKSO List: 100 Known Spam Operations responsible for 80% of your spam.

80% of spam received by Internet users in North America and Europe can be 
traced via aliases, addresses, redirects, locations of servers, domains and 
dns setups, to a hard-core group of around 100 known spam operations, 
almost all of whom are listed in the ROKSO database.

The majority of the spammers on the ROKSO List operate illegally and move 
from network to network and country to country seeking out Internet Service 
Providers with poor security or known for not enforcing of anti-spam 
policies.

Many of these spam operations pretend to operate 'offshore'. Those who 
don't hide behind anonymity pretend to be small 'ISPs' themselves, claiming 
to their providers that the spam is being sent not by them but by non-
existent 'customers'. When caught, almost all use the age old tactic of 
lying to each ISP long enough to buy a few days or weeks more of spamming 
and when terminated simply move on to the next ISP already set up and 
waiting.

Those on the ROKSO List are the professional spammers you definitely do NOT 
want on your network.

ROKSO is a "3 Strikes" register. To be placed on the ROKSO list a spammer 
must first be terminated by a minimum of 3 ISPs for AUP violations. Once 
listed in ROKSO, IP addresses under the control of ROKSO-listed spammers 
are automatically and preemptively listed in the Spamhaus Block List (SBL).

For qualified Law Enforcement Agencies Spamhaus provides a special version 
of this ROKSO database which gives access to records with evidence, logs 
and information on illegal activities of many of these gangs, too sensitive 
to publish here."

Cheers,
Stephen



More information about the Link mailing list