[LINK] The DDoS That Almost Broke the Internet
stephen at melbpc.org.au
stephen at melbpc.org.au
Fri Mar 29 02:19:47 AEDT 2013
Spamhaus certainly seems to fight the good fight ..
> Indeed, the combatants in question have been battling it out online:
> a conflict between Spamhaus, a Dutch group that tracks spammers and
> Cyberbunker, a Dutch hosting company accused of housing them. That's
> really happening: as far as we can tell, botnets acting on behalf of
> (or, run by) Cyberbunker have been trying to crash Spamhaus for days
> with a strong stream of overload junk data.
No wonder Cyberbunker ISP (a serious botnet host) wants them silenced:
For eg: http://www.spamhaus.org/rokso
The "ROKSO Register" of baddies personally names the perps of 118 spam
operations, as of 03/28/2013. They list just one Aussie: a Nikhil Kuma
Pragji (aka Dark-Mailer), Country: Australia, State: Queensland namely:
"Through the Dark-Mailer Windows based proxy-botnet based spamware this
spammer is responsible for, and behind, a large portion of the world's
illegally sent spam. All this out of Australia, a nation that has made
almost everything Nikhil Kumar Pragji does illegal under law .. "
The ROKSO List: 100 Known Spam Operations responsible for 80% of your spam.
80% of spam received by Internet users in North America and Europe can be
traced via aliases, addresses, redirects, locations of servers, domains and
dns setups, to a hard-core group of around 100 known spam operations,
almost all of whom are listed in the ROKSO database.
The majority of the spammers on the ROKSO List operate illegally and move
from network to network and country to country seeking out Internet Service
Providers with poor security or known for not enforcing of anti-spam
policies.
Many of these spam operations pretend to operate 'offshore'. Those who
don't hide behind anonymity pretend to be small 'ISPs' themselves, claiming
to their providers that the spam is being sent not by them but by non-
existent 'customers'. When caught, almost all use the age old tactic of
lying to each ISP long enough to buy a few days or weeks more of spamming
and when terminated simply move on to the next ISP already set up and
waiting.
Those on the ROKSO List are the professional spammers you definitely do NOT
want on your network.
ROKSO is a "3 Strikes" register. To be placed on the ROKSO list a spammer
must first be terminated by a minimum of 3 ISPs for AUP violations. Once
listed in ROKSO, IP addresses under the control of ROKSO-listed spammers
are automatically and preemptively listed in the Spamhaus Block List (SBL).
For qualified Law Enforcement Agencies Spamhaus provides a special version
of this ROKSO database which gives access to records with evidence, logs
and information on illegal activities of many of these gangs, too sensitive
to publish here."
Cheers,
Stephen
More information about the Link
mailing list