[155707] in North American Network Operators' Group
Re:
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Aug 21 23:35:15 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAK__KzscmRPOi6Xw-VhuPsE-3HJdHTxWvxH_nDrUZpXgh7VhJw@mail.gmail.com>
Date: Tue, 21 Aug 2012 20:31:02 -0700
To: George Herbert <george.herbert@gmail.com>
Cc: goemon@anime.net, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Aug 21, 2012, at 16:22 , George Herbert <george.herbert@gmail.com> =
wrote:
> On Tue, Aug 21, 2012 at 4:06 PM, <goemon@anime.net> wrote:
>> On Tue, 21 Aug 2012, George Herbert wrote:
>>>=20
>>> On Tue, Aug 21, 2012 at 3:25 PM, <valdis.kletnieks@vt.edu> wrote:
>>>>=20
>>>> On Tue, 21 Aug 2012 17:11:49 -0500, Grant Ridder said:
>>>>>=20
>>>>> I love spam from Honduras. I am hoping that someone is going to =
kick
>>>>> this
>>>>> email from the members list.
>>>>=20
>>>> I'm hoping for something a tad more drastic. The bozo has an =
upstream,
>>>> and this
>>>> is NANOG. :)
>>>=20
>>> Back when I was at Berkeley, we used to punish offenders by routing
>>> their packets out to Finland and back (before Finland's net admins
>>> figured out what we were doing and quite rightly complained).
>>>=20
>>> Does anyone have a very lightly used, long long low bandwidth link
>>> they can dedicate to The Cause?
>>=20
>>=20
>> I'm thinking wire cutters would be more effective.
>>=20
>> -Dan
>=20
> No, no, no no.
>=20
> The objective is to maximize wasted spammer time. The trick is to not
> just disconnect them - that happens every day, they just move on.
> It's to make their life irritating, painful, and less productive, to
> the point where time they'd be spending getting new business and
> working on new anti-filtering technology is spent corresponding with
> net providers and doing network quality checks, wondering if they
> should or have to bail out of a now flaky network. With just the
> right mixture, you can waste five, ten, twenty times more of their
> time with a carefully engineered glitch than you can just chopping
> them off.
>=20
Reminds me of the cmd.exe CGI PERL script I wrote once...
I noticed I was constantly getting people trying to execute CMD.EXE on =
my
linux web server. So, instead of filling up my logs with 404s, I wrote a =
little
PERL script to send them a copy of the compiled 64-bit linux kernel
one octet at a time with 5 seconds between octets. It truly amazed me
how many of the bots would sit there patiently receiving dribs and drabs
of traffic until the entire 8+Mbyte kernel was transmitted.
Owen
