Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

What Happened to Blue Security 293

Posted by Hemos
from the bad-news-for-anti-spam dept.
shadowknot writes "Blue Security has published a detailed account of the attack on their servers perpetrated by spammer "PharmaMaster". The attack included a DDoS attack on the Blue Security operational system and a Black Hole filtering attack on the Blue Security website. From the article: "The first attack was to block worldwide access to Blue Security's corporate website (www.bluesecurity.com) by tampering with the Internet backbone using a technique called "Blackhole Filtering". The Second attack was a DDoS attack on Blue Security's operational system."
This discussion has been archived. No new comments can be posted.

What Happened to Blue Security

Comments Filter:
  • Coral Cache (Score:5, Informative)

    by Rob T Firefly (844560) on Monday May 08, 2006 @09:54AM (#15285219) Homepage Journal
  • For the lazy :) (Score:4, Informative)

    by Spy der Mann (805235) <spydermann.slashdot@NOspam.gmail.com> on Monday May 08, 2006 @09:58AM (#15285244) Homepage Journal
    Powered by Copy-Paste (TM).

    Timeline (all times in GMT)
    [May 2nd 13:42 GMT]
    PharmaMaster Works to Block Traffic to Blue's Corporate Web Site

    One of the world's largest spammer's, 'PharmaMaster', sends Blue Security an ICQ message stating that he will block traffic to Blue's corporate website, www.bluesecurity.com

    * ICQ Message: "Support [tier-1 ISP name withheld] says: Yes wont be a problem, i'll make sure to block all traffic to this domain very soon just get me reports mate"
    * "[tier-1 ISP name withheld] will block traffic to your websites god i love this war :)"

    [May 2nd 14:47 GMT]
    BlueSecurity.com Can't be Accessed Outside of Israel

    Blue Security receives another ICQ message from PharmaMaster stating that Blue's corporate Web site cannot be accessed from outside of Israel.

    * ICQ Message: "bluesecurity.com cant be open from outside of israel oh i feel sorry for the company really :)"

    [May 2nd 15:30 GMT]
    Blue Security's Dedicated Servers - NOT Corporate Website - Under Attack

    Blue Security's operational servers - NOT www.bluesecurity.com - suffers from DDoS attacks.
    [ May 2nd 16:30 GMT]
    Corporate Website Receives 2 Hits/Min

    Blue employees notice that there is no load on the corporate website, www.bluesecurity.com (2 hits per minute) and that most visitors originate from Israel.
    [May 2nd 17:07 GMT]
    PharmaMaster Sends Message: Website Can't be Accessed Around World

    Blue receives another ICQ message from PharmaMaster stating the company's corporate Web site can not be accessed around the world.
    [May 2nd 20:17 GMT]
    Blue Performs Technical Analysis: Confirms Website Cannot be Accessed Abroad

    Blue's technical analysis team determines that its corporate website can still be accessed from Israel, but cannot be accessed abroad.
    [May 2nd 21:17 GMT]
    Blue Reports More Symptoms: "Blackhole filtering" Confirmed

    Blue's operational team reports on more symptoms supporting PharmaMaster's claims that the backbone of the Internet was compromised (blackhole filtering at the backbone level). Still, there is no sign that there was a DDoS attack on Blue's website.
    [May 2nd 22:45 GMT]
    Blue Security Decides to Update Blue Community

    Blue Security decides to update the Blue community about the situation by reverting to Blue's pre-launch "Blue Zone" Blog, hosted on Typepad.
    [May 2nd 23:20 GMT]
    BlueSecurity.com Redirected to TypePad

    www.bluesecurity.com is redirected to Blue Security's blog. Many community members can receive real time information about the attack.
    [May 2nd 23:27 GMT]
    First Comment Posted on the Blue Blog

    Blog site at TypePad functional. The first comment is posted on the Blue blog by a user.
    [May 2nd 23:57 GMT]
    Last comment Posted on the Blue Blog Before DDoS Begins

    TypePad blog site still functional. The last comment is posted thirty minutes later on the Blue blog just before the new DDoS attack occurs. (If there had been an initial DDoS attack on Blue's corporate site, the blog site would have been hit)
    [May 3rd 00:00 GMT]
    PharmaMaster Starts Attacking Typepad

    A fierce and ruthless DDoS on Typepad begins. Blue is not aware of the DDoS due to the late hour in Israel (2 AM local time). Typepad continues to carry Blue Security's blog and help Blue keep our community aware of the situation.
    [May 3rd 16:43 GMT]
    PharmaMaster Strikes Again, Takes Down Tucows

    PharmaMaster starts another attack and takes down Tucows's DNS servers which were serving thousands of sites, including Blue Security's. Tucows terminates Blue Security's account in an attempt to stop the attack.
    [May 3rd 23:23 GMT]
    PharmaMaster Boasts Success

    Almost 24 hours later, PharmaMaster boasts success in another ICQ message

    * ICQ Message: "pharma master: you know i feel sorry for you a

    • Hi,
      I haven't really paid attention to the "attack actual spam messages" front.

      How is this any different from forwarding my email to myspamaddress@spamcop.net?
  • DNS Vulnerabilities (Score:5, Informative)

    by Billosaur (927319) * <.ten.enilnotpo. .ta. .rehtorgw.> on Monday May 08, 2006 @09:58AM (#15285250) Journal

    [May 3rd 16:43 GMT]
    PharmaMaster Strikes Again, Takes Down Tucows

    PharmaMaster starts another attack and takes down Tucows's DNS servers which were serving thousands of sites, including Blue Security's. Tucows terminates Blue Security's account in an attempt to stop the attack.

    And it was't all that long ago that DNS vulnerabilities [slashdot.org] were under discussion. Attacking a DNS server not only takes out the site intended, it has the bonus of collateral damage. Imagine the chagrin of all the other sites served by Tucows when they all go down en masse and imagine the PR campaign that Blue Security is going to have to wage to get any credibility back.

    • by Rob T Firefly (844560) on Monday May 08, 2006 @10:03AM (#15285284) Homepage Journal
      imagine the PR campaign that Blue Security is going to have to wage to get any credibility back

      Considering who Bluesecurity are and what they do, this whole thing has actually seemed to me to serve as pretty good PR for them. It pisses off lots of people, but once the facts were out there pretty much everyone I know got pissed at the spammer, not Bluesecurity. Everyone hates spam, but now they see a spammer taking things to the next level of evil, which really strengthens the image of the "good guys." People who never heard of Bluesecurity before are becomeing ready to do what they can to work against this spammer.

      • by mikeisme77 (938209) on Monday May 08, 2006 @10:10AM (#15285330) Homepage Journal
        Amen to that. I had never heard of BlueSecurity before this fiasco, but now that I've heard how much trouble they can give these jackass spammers and that they stick to their guns (no matter the cost), I'd like to support them in some way (although I probably won't join the network, as I don't agree with their methods of stopping spam).
        • by jjhall (555562) <slashdot&mail4geeks,com> on Monday May 08, 2006 @01:38PM (#15287193) Homepage
          What part of their methods do you not agree with? All they are doing is automating what you could do on your own. For each spam message you send them, they analyze it and set up a script to make ONE opt-out request on the spammer's website (where they are selling their product) and ONE message each to some and/or all of the upchain ISPs, government agencies that have jurisdiction over the crime, etc. They then forward that script to your BlueFrog client running on your system. If you are the only person that got that spam message, that one message is all that is sent to the spammer and the appropriate authorities.

          Now if the spammer sends that message to 1000 BlueSecurity members, they will get 1000 messages generated and sent, one from each of the users they spammed. If they send it to 5000 users, well you get the idea. The more Blue people they spam, the more opt-out requests they get. One for one.

          You have a right to do it by yourself, tracking filling out forms on the spammer's ordering site, forwarding a copy to the ISP of the originating IP and/or mail server, forwarding it to the FDA if it is a drug relates spam, etc. How long will that take you? You could easily spend a few hours a day or more doing that.

          Enter BlueSecurity stage right. They hire staff to track down the senders of that spam message you just received, just like you would have done. The difference is they take that information and distribute it to everybody else they know received that spam as well.

          The thing is, these spammers should understand they have absolutely 0% of a chance of selling that item to any of the members of the Blue community. Why are they bothering to do this when it has no chance whatsoever of giving them even a single cent of profit? They should be happy to have the chance to clean their leads list. I've done telephone sales in the past (calling existing members about renewals) and I was happy to remove people who didn't want to be called from the list. For every person I removed from the list, it meant one less guaranteed no-sale next time the membership list cycled. In the long run I made more sales, and actually helped more people save money (it was cheaper to renew via phone than via the normal process) on a product they wanted.

          I understand the calling I was doing is completely different than the spamming in this topic, but the end result is the same. The more guaranteed "no" leads you remove, the higher you sales percentage will be, and the more profits in the long run.

          I had heard about Blue before this mess, but never got around to checking into their methods and signing up. Now that I see they are effective, and feel comfortable on how their network and client works (I also thought they DDoS'd the sites until I looked into it,) I have signed up. Now I'm waiting for their system to become fully functionable again so I can verify my account and start kicking spammer tail!

          Jeremy

      • Considering who Bluesecurity are and what they do, this whole thing has actually seemed to me to serve as pretty good PR for them. It pisses off lots of people, but once the facts were out there pretty much everyone I know got pissed at the spammer, not Bluesecurity. Everyone hates spam, but now they see a spammer taking things to the next level of evil, which really strengthens the image of the "good guys." People who never heard of Bluesecurity before are becomeing ready to do what they can to work agains
    • The DNS vulnerabilities are not hurting Blue Security's credibility!

      That a hacker had to use a sledgehammer to cause them signifigant harm shows that Blue Security was/is doing something correctly.

      The group that will need to gain back credibility, are the organizations that are the operating these vulnerable DNS servers because it's their vulnerability that allowed such signifigant collateral damage.

    • ...and imagine the PR campaign that Blue Security is going to have to wage to get any credibility back.

      Um, how about "no such thing as bad publicity"?

      In my journal i commented that the attack on Six Apart was the web equivalent of Pearl Harbor [slashdot.org]. It not only (possibly) called the attention of the authorities towards PharmaMaster, it also became worldwide famous: I've been searching blogs [google.com] for "blue security" and I've seen a lot of comments from people wanting to sign up when they're back online. One blogger in particular (forgot the url) said that "Blue Security" became the top technorati search during the attacks.
    • Notice that, as I mentioned in the DNS story, causing such collateral damage serves to bring much unwanted attention to the attacker. Would we be discussing this if only Blue Security had been affected?
    • Blue Security has not had it's credibility damaged and this may have actually been good PR for Blue Security. Tucows may have incurred a PR problem. The log said that Tucows terminated Blue Security's account: May a pox descend on all of Tucow's management if Tucows actually did terminate Blue Security's account.
    • by Alascom (95042) on Monday May 08, 2006 @03:46PM (#15288194)
      The fact that Tucows would kick one of their customers to the curb in a pathetic attempt to pacify a blackmailer/spammer/terrorist is shameful, short-sighted, and tragic.

      While the spammer is clearly worthy or our scorn, I believe Tucows is even more deserving of public shame and disgrace. I expect a spammer to spam, I expect a hacker to hack, but I do not expect a (formerly) respectable business that takes my money to sell me out to criminals! Yes, I know they claim it was to protect their other customers, but tossing your baby to the lion to keep it from from attacking everyone else is reprehensible and I thought civilization had progressed beyond this.

      I for one, will NEVER use any of their services or web properties again unless they issue a public apology for their actions. Not just to BlueSecurity, but to all of their customers, because this clearly sends a signal to all would-be DDoS attackers that Tucows customers are for sale for the price of a few million IP packets!

  • publicity! (Score:4, Interesting)

    by celardore (844933) on Monday May 08, 2006 @10:01AM (#15285268)
    Even if the servers were temporarily downed, the publicity generated from this incident surely got quite a few new members.

    Heck, I even signed up; shall have to wait and see if it's worth it though.
    • Re:publicity! (Score:3, Interesting)

      by ltwally (313043)
      Agreed. I'd never heard of Blue Security until this story hit the news. Now I'm a member, too. I'd be willing to bet that we're not the only ones, either. Blue Security probably just doubled its membership with this story.

      Looks to me like this Pharma dude really shot himself in the foot.

      • I think Blue Security should name their headquarters "Zion city". They seem to be being attacked by numerous Agent Smiths(PharmaMasters?) and their associated tendril robots.
  • by stry_cat (558859) on Monday May 08, 2006 @10:04AM (#15285292) Journal
    Looks like Tucow really behaved badly. They cancled an account of a legimite user instead of defeating the attack. The should never have given into the spammer's demands.
    • by a16 (783096)
      I have no idea of how Blue Security operate their network, but presuming that Tucows only provide the domain registration and DNS services, they are probably earning what - $20 a year from Blue Security?

      I understand that in an ideal world a company should stand by a client suffering a DDoS attack, and there are many companies out there that do (but they advertise the service specially, and you pay thousands for it). But I don't think we can really say that a company providing budget services to the masses h
      • by drinkypoo (153816) <martin.espinoza@gmail.com> on Monday May 08, 2006 @11:28AM (#15285966) Homepage Journal

        Look at it this way - if you had a small company, or even a big company, and your entire network was down due to a client who gives you $20 a year - what would you do? Keep the client out of honour, but go out of business anyway?

        Look at it this way - are you going to forget that Tucows turned off a legitimate client? Me neither. Are you going to consider Tucows next time you need a corporate provider? Me either.

      • by jmorris42 (1458) *
        > I have no idea of how Blue Security operate their network, but presuming that Tucows only provide the
        > domain registration and DNS services, they are probably earning what - $20 a year from Blue Security?

        And how much can any of their remaining customers trust Tucows will protect US from the next idiot? So now all this asshat has to do is drop Tucows a note listing who he is pissed at this week and they will drop our domains too? No, millions for defense but never paying tribute is the only winning
  • by DigDuality (918867) on Monday May 08, 2006 @10:05AM (#15285294)
    Apparently spammers are lining up to help out Pharmamaster from the SpecialHam forums. Digg.com users yesterday attempted lauching multiple types of bandwidth vampirism and DDOS attacks on SpecialHam yesterday as well. http://digg.com/technology/SPAMmers_really_pissed_ off_at_bluesecurity,_read_their_message_board [digg.com]
  • by ladybugfi (110420) on Monday May 08, 2006 @10:05AM (#15285299)
    >Blue?s operational team reports on more symptoms supporting PharmaMaster's claims that the backbone of the Internet was compromised (blackhole filtering at the backbone level).

    No offence to the Blue guys' disrupted service, but I think this is the most interesting bit. I wonder whether this description is correct and if so, how the spammer achieved THAT.
    • by Anonymous Coward on Monday May 08, 2006 @10:14AM (#15285354)
      Sounds like they paid off some people...

      "
      * ICQ Message: "Support [tier-1 ISP name withheld] says: Yes wont be a problem, i'll make sure to block all traffic to this domain very soon just get me reports mate"
      * "[tier-1 ISP name withheld] will block traffic to your websites god i love this war :)""

      This was more clear on some other article, but I can't find it at the moment. The spammers supposedly have an engineer on a backbone helping them. All I want to know is how the engineer expected not to be caught (I'm assuming he is caught... or there is a whole heck of lot more corruption out there than I thought)
      • Or PharmaMaster is said Engineer at a backbone provider.
  • What is? (Score:2, Interesting)

    by towsonu2003 (928663)
    What's "blackhole filtering"?
    • at least, that's the way it seems to be described.
      • OK.. and what's a /dev/null?
        • It comes from unix. On unix systems all devices from the vidcard to the mouse are mounted on the filesystem. By standard under /dev/ (devices). There are in many ways files, some readable, some writable and some both.

          /dev/null is a special device and it is nothing. If you write to it it goes nowhere just disappears.

          Common joke is that you backedup to /dev/null because it had plenty of space.

          I don't think windows has a similar function readily available.

          So what do you use it for? Well when you have somet

          • > I don't think windows has a similar function readily available.

            \Devices\Null in NT, more frequently accessed with the annoying DOS legacy "magic filename" NUL (yet another file you can't create). NUL is just a symbolic link in the "global" directory (a DOS compatibility hack basically) but it should be possible to use IoRegisterDeviceInterface to create an actual /dev/null path and get rid of \Global??\NUL and all the other hardwired DOS filenames. God knows what you'd break if you did the latter thou
          • Re:Nothing (Score:2, Informative)

            by operagost (62405)
            I don't think windows has a similar function readily available.
            NUL
          • by macdaddy (38372) on Monday May 08, 2006 @01:16PM (#15286971) Homepage Journal
            There are dozens of uses for null routing on ISP networks. For example you can use simple static routes to match all private (RFC1918), reserved for special purposes (RFC3330), and unassigned (Google for "BOGON") netblocks and route them to Null0 (a logical interface that basically drops the packets, much like the data bursts are dropped when sent to /dev/null. This is basic ingress/egress filtering that should be deployed on all border routers. You don't want to accept packets destined for your network that claim to be from a RFC1918 address because they are almost certainly spoofed (or another upstream ISP has an idiot for a netadm and your common carrier also employs idiots for not doing ingress filtering on customer access circuits). This is actually less CPU intensive than an access-list. Most mid to upper-end routers today can offload routing decisions to ASICs, whereas access-list decisions still bounce off of the CPU in many cases. You lose much of your logging capabilities with this method however.

            A variation of this technique is to route packets to an internal "blackhole router" instead of to Null0. This consumes a little more resources than the Null0 option but still far less than an ACL. The blackhole router does nothing else other than null routing the traffic. It can also be used to route the traffic to a sniffing device to give the admin an opportunity to see what the malicious traffic really was. The blackhole router can also advertise internally the blackhole routes. This is useful when you network policy prohibits making changes to critical hardware such as a border router without sufficient peer review. Often when you must null route something you must do it in a hurry (ie, a customer is being attacked). Being able to make the changes on a non-critical box (the blackhole router) and having the routes changes propgate up to a critical piece of hardware (the border router(s)) is very useful.

            Another reason to use them is to prevent routing loops. Lets say for example you have an access server terminating dialin customers. You've loaded out your AS with 192 modems. A /24 has been allocated for this AS. Your AS advertises that /24 with OSPF back into the core of your ISP network. However the AS's routing table doesn't contain a route for all 253 of the useable IPs in that /24. Instead individual routes are added as individual users dial in. Lets say a packet comes in that's destined for an IP that isn't in use. The AS looks at its routing table and says to itself that it doesn't have a route to that IP. It falls back on its default route which is the router upstream of the AS that just routed the packet to the AS. Rinse and repeat. A routing loop ensues.

            Sometimes in BGP you have to have a static route to a given netblock to turn around and advertise it. You already have internal routes that would ultimately route the packet to the right destination. However to get BGP working you have to create a specific route. You can simply create a static route to that subnet via Null0 with a cost of 254 and make BGP happy.

            There are dozens of examples of why you need null routing. Does that help? You can search on Cisco's website for additional references.

  • DDoS Extortionists (Score:5, Interesting)

    by Council (514577) <rmunroe@ g m a i l.com> on Monday May 08, 2006 @10:12AM (#15285340) Homepage
    this [csoonline.com] is a really cool story about how a company handled a DDoS attack by organized crime.
  • by DisplacedJoshua (919071) on Monday May 08, 2006 @10:21AM (#15285410)
    shameless from digg, but an easy redirect for /.ers without having to read digg's stuff: information week's take on it makes it seem less, well, amazing on the part of the spammers. http://www.informationweek.com/story/showArticle.j html?articleID=187200875 [informationweek.com]
  • by Anonymous Coward
    When you read Blue Security's press releases, it seems obvious they are a little on the desperate side, trying to figure out how to deal with this Pharmamaster character who has reduced their network to its knees. What's unfortunate about the situation is that it calls the light the sad state of backbone administration where the major providers can't or won't do anything about the situation, and a company is left trying to appeal to the general public to do something about it.

    Of course if the attack had oc
  • _Detailed_ timeline? (Score:4, Interesting)

    by Whizard (25579) on Monday May 08, 2006 @10:27AM (#15285453) Homepage
    Wow, if this is a detailed timeline, I'd hate to see the summary.

    "Some shit happened."

    As a security guy, this could have been really interesting, but it's not.
  • Poor response (Score:5, Insightful)

    by Grand Facade (35180) on Monday May 08, 2006 @10:29AM (#15285479)
    PharmaMaster starts another attack and takes down Tucows's DNS servers which were serving thousands of sites, including Blue Security's. Tucows terminates Blue Security's account in an attempt to stop the attack.
    [May 3rd 23:23 GMT]
    PharmaMaster Boasts Success


    Tucows is a company I will never recommend or use to host any of my domains.
    Caving in to a spammer/hacker retaliation will not garner much support.

    http://www.joker.com/ [joker.com] serves my needs well
    • > Caving in to a spammer/hacker retaliation will not garner much support.

      Uh, you just take at face value something some random schmuck writes as an analysis? More likely they MOVED BlueSecurity's account somewhere else.

      I think you need some of that restless legs syndrome medication, that knee is jerking a bit too hard.
  • Pharma Master (Score:5, Insightful)

    by jefu (53450) on Monday May 08, 2006 @10:37AM (#15285533) Homepage Journal
    So, just who is this PharmaMaster guy anyway.

    Enquiring minds (and all that) want to know.

  • by spyrochaete (707033) on Monday May 08, 2006 @10:46AM (#15285603) Homepage Journal
    This ferocious attack on Blue Security as well as Typepad and TUCOWS is proof that Blue Security's tactics are working. Spammers are scared to death of Blue Frog because it forces them to comply with the spirit of CANSPAM (since it is worthless in practise). They are so desperate that they are damaging the internet backbone to slightly increase the limited time that spam will be profitable.

    Do not listen to FUD-spreading ignoramuses who will no doubt leave many /. comments urging you to stay away from Blue Frog. Spammers do not have Blue Security's member lists - they are simply DIFFing their entire lists with the opt-outs sent by Blue Frog and sharing their filters with the "mailer community". Yes, some members (not me) have been threatened with, and temporarily recieved, more spam. However, this can't last since spammers who do this are simply fighting fire with gasoline! The more spam Blue Frog users get, the more opt-outs the spammer and client recieve which costs them time and money! Plus, regarding threats to leave Blue Frog, does it make sense that a spammer would remove ANY working email address for ANY reason?

    Who do you trust to solve your spam problem? Microsoft? Your government? If they really cared, wouldn't the problem have have been solved long before spam encompassed 90% of all email? Blue Security offers a realistic, fair, assertive, and EFFECTIVE means of hitting spammers where it hurts - in the database and in the pocketbook. They need your help to make spam an unprofitable, inconvenient vehicle for advertisers.

    I urge each and every /.er to sign up for a Blue Frog account RIGHT NOW (or whenever they're not getting DOSed) and simply forward your spam to yourusername@reports.bluesecurity.com. You can wait a day or two and send many spams as attachments in one email, or you can let the resident client do it for you. It's so easy and the headlines prove that it really does make a difference.

    Spammers are childishly thrashing around the internet like a bull in a china shop, having a flailing temper tantrum because people dare to stand up for their privacy. It is the duty of /.ers, as an informed userbase, to stand up for those internet users who don't know how to stand up for themselves.

    We have the numbers and the motivation. Aren't you sick and tired of these rich criminals wasting our time, defrauding our elders, and endangering our children day after day? If we stand together, just as the spammers stand together to attack Blue Security, then we WILL win.

    Sign up for a Blue Frog account ASAP and encourage your friends and family to do the same, as I have. And if you think it's possible to reason with spammers, check out this CastleCops forum thread [castlecops.com] that shows inside conversations from a spammer message board.
    • I urge each and every /.er to sign up for a Blue Frog account RIGHT NOW (or whenever they're not getting DOSed) and simply forward your spam to yourusername@reports.bluesecurity.com. You can wait a day or two and send many spams as attachments in one email, or you can let the resident client do it for you. It's so easy and the headlines prove that it really does make a difference.

      They are not ready yet to accept new accounts. It has been days and I still have not gotten their validation email. They do ha

      • New user accounts are working but their SMTP server is down so they can't send validations. I also hear that many people are getting their spam submissions bounced. Just give them time. Many prospective users know about Blue Frog due to this huge fiasco, so they must understand that it will take time and resources to fight the attacks while maintaining service.
    • I would sign up, but I run my own email server and haven't given out a real email address in years (I use aliases to forward all my email to the real account). I haven't seen SPAM in 2 or 3 years.
      • That's very clever. I run my own email server for my family with a SpamCop filter. It does a very good job of trimming out most spam but they're getting smarter and smarter. Plus, mothers are real spam magnets with their forwards and e-coupons and stuff.
  • Blackmail tactics (Score:3, Informative)

    by taupter (139818) <taupter@gmail.com> on Monday May 08, 2006 @10:47AM (#15285605) Homepage
    Those spammers will threat e-mails if you unsubscribe or not, so don't unsubscribe. They're doing this because it's hurting it in their pocket. Big deal. I don't give a damn if a spammer can't buy a new humvee limo, and I don't have to support those scumbags. So if they want to fill my mailbox with with their trash, so be it. I will not bend over to them. I will not unsubscribe. I will not let those fscking bastards tell me what I should do.
    • by Urusai (865560) on Monday May 08, 2006 @11:00AM (#15285719)
      "...we'll fight them at the routers, we'll fight them on the backbone, we'll fight them at the ISP, we'll fight them at the firewall; we shall never surrender."
      • And we'll fight them at the Gmail's spam filter. ;) You forgot this one!
        Yep, we should take action. Somebody has to. As people who profit from spam don't want to take effective action against them, we're in our right of defending ourselves. Maybe the guilt is not only theirs, but those 0.005% people who buy penis enlagement pills, viagra, cialis and such.
        The amount of short-dicked, impotent men waiting for a nigerian fortune is simply unbelievable.
  • ...they must be doing something right! I'm signing up.

    Thanks PharmaMaster for referring me!
  • by Dog-Cow (21281) on Monday May 08, 2006 @11:14AM (#15285837)
    Is to kill the spammers. Obviously the death penalty doesn't resolve the issue forever, or we'd not have as much crime as we do in the world, but it will deter most spammers.

    We put down rabid dogs because they have the potential to harm human beings despite having no intention to do so. Why is it less humane to remove life that actively and maliciously harms others?
  • by eno2001 (527078) on Monday May 08, 2006 @11:23AM (#15285920) Homepage Journal
    ...and show him my SIG. [DUKE NUKEM MODE]Come get some[/DUKE NUKEM MODE]
  • by Anonymous Coward on Monday May 08, 2006 @11:35AM (#15286045)
    From:http://72.14.207.104/search?q=cache:daxdV_-e7 aQJ:www.cisco.com/warp/public/732/Tech/security/do cs/blackhole.pdf+Blackhole+Filtering&hl=en&ct=clnk &cd=1 Benefits of Remotely Triggered Black Hole Filtering Black holes, from a network security perspective, are placed in the network where traffic is forwarded and dropped. Once an attack has been detected, black holing can be used to drop all attack traffic at the edge of an Internet service provide (ISP) network, based on either destination or source IP addresses. RTBH filtering is a technique that uses routing protocol updates to manipulate route tables at the network edge or anywhere else in the network to specifically drop undesirable traffic before it enters the service provider network. RTBH filtering provides a method for quickly dropping undesirable traffic at the edge of the network, based on either source addresses or destination addresses by forwarding it to a null0 interface. Null0 is a pseudointerface that is always up and can never forward or receive traffic. Forwarding packets to null0 is a common way to filter packets to a specific destination.
  • by Zaphod2016 (971897)

    For those new to this whole "BlueFrog" story, unsure who is the "good guy":

    Pro:

    • Ignoring never serves to fix anything. Just ask my little sister.
    • "If the spammers are pissed off, they must be doing something right." - /. & digg

    Con:

    • As I understand it, this company is backed with VC cash.
    • We *might* be witnessing the most creative advertising campaign in the history of the Internet.
  • by HermMunster (972336)
    Bottom line the advertisers know how their money is being spent. There's no excuse which allows them to claim ignorance. Once they are sued they'll look into it if they don't already know. The advertisers are funding this type of illegal behavior and so they should be held accountable. Large lawsuits or even criminal prosecution. These spammers and those illegally compromising the backbones are acting as agents of the advertisers, period.
  • What nonsense (Score:4, Insightful)

    by tmu (107089) <todd-slashdot@rene[ ].com ['sys' in gap]> on Monday May 08, 2006 @12:28PM (#15286513) Homepage
    Bluesecurity (BS) are either confused or misleading people.

    There is no way that a single "backbone" provider could have installed a null route to block all traffic to their network. Bluesecurity is served by a Haifa-based provider called Netvision (Autonomous System number 1680). Netvision buys internet transit from four providers:

    --UUnet/701 (uunet north america)
    --UUnet/702 (uunet europe/middle east)
    --btn/3491 (beyond the network)
    --telia/1299 (telia sonera international backbone).

    what the heck is BS claiming? that *all* of them installed a null route at once. do they even know what a null route is.

    i'm getting annoyed enough at this nonsense to think about blogging about it in more detail over at www.renesys.com/blogs . perhaps later today.

    foolishness.
    • Re:What nonsense (Score:3, Interesting)

      by NeutronCowboy (896098)
      Nearly all traffic crosses UUNet backbones at some point. I've never heard of BTN (and I did worldwide network performance analysis for over two years not so long ago), so I can't imagine them carrying much traffic without routing through some other Tier-1 provider very soon. As for Telia, they don't carry much traffic. If PharmaMaster really managed to convince someone at UUNet to blackhole a website, it's very conceivable that no one outside of Israel would be able to access them.
    • Looking now, BlueSecurity seems to have moved their operations to Prolexic [prolexic.com] as of a few hours ago. This will buy them some DDoS protection. Prolexic is based in Miami, and most of my traceroutes are getting lost in Phoenix, but I can't tell if that's something Prolexic is doing or a very clever blackhole.

      Netvision also seems to have GlobalXing/AS3549 as a transit provider.

      My suspicion (since I don't have a looking glass with a historical search), is that someone with access to the main BGP reflectors inside

Building translators is good clean fun. -- T. Cheatham

Working...