DOS Attack Via US Postal Service

Phronesis writes "Bruce Schneier reports in Crypto-Gram about the slashdot-inspired Post-office DOS attack on SPAM-king Alan Ralsky. More interesting, Schneier writes, is a recent paper on Defending against an internet-based attack on the physical world, which generalizes this attack and discusses how it could be automated and how one might defend against it (you can't stop it, but you could make it harder to effect). From the abstract of the article: 'The attack is, to some degree, a consequence of the availability of private information on the Web, and the increase in the amount of personal information that users must reveal to obtain Web services.'"

anthrax

[IAR80]

Wasn't the last DOS attack through postal service using anthrax?

Re:Politics that hard way

[Anonymous Coward]

Your stamp costs 39 cents. The cost of my volunteer's 5 seconds which it took to open and discard the envelope costs me about 0 cents. Good try, though

Ping of death?

[metalhed77]

Wasn't the last DOS attack through postal service using anthrax?

would that be the physical incarnation of the "ping of death" attack?

death and taxes

[joe_bruin]

quick, if we slashdot the IRS via the usps, they might never get to my taxes!

Re:Ping of death?

[IAR80]

yep. And I guess the Unabomber was the physical incarnation of the "mail bomb".

Re:Lack of authentication

[Anonymous Coward]

Woohoo Schneier must be really lost outside of his cyrptography theory barrel, i mean the guy is resorting to writing papers on 7th grade pranks?

What's next? A careful examination of how to defend against someone ringing your doorbell and running away?

Give me a freakin' break.

Hey michael

[fobbman]

You forgot to log off of your terminal, and Taco came in and posted a repost [slashdot.org] under your name.

Postbox filters

[Anonymous Coward]

paper on Defending against an internet-based attack on the physical world

Perhaps some sort of packet filter [protectiondogs.com] on the mailbox layer might be useful.

DoS!=DOS

[SHEENmaster]

"Denial of Service", is the flooding of a server so that it stops functioning.
"Disk Operating System", is an OS like Windows that bases its structure upon drives rather than directories like UNIX/Linux or Mac OS do. Windows NT is still a DOS even if it (supposedly) doesn't contain MS-DOS derived code.

On a side note, DOSes seem to contribute more to server malfunctions than DoSes.

Be Aware...

[A Guy From Ottawa]

It just goes to show that people should be very careful with their personal information.

Sincerely,

Guy LeBarge
186 Rideau St.
Ottawa, ON
K1A 25U

The paper..

[EinarH]

Anyone except me that see the irony in the fact that those who wrote the paper Defending against an internet-based attack on the physical world [avirubin.com] displays their physichal world location on the top of the paper?

Re:Lack of authentication

[grammar fascist]

Not only that, but they'd probably be of the "If you don't want to subscribe, please reply" type.

Re:Hardly DOS is it

[Anonymous Coward]

let's all write them letters to find out.

One variation on the same theme

[forged]

This is nothing new. Back 20 years ago or so, my father (heh!) used to collect old newspapers at airports, then he would fold 3 or 4 newspapers together into a very thick enveloppe and send this without stamps to a person of his choice that he disliked at this time.

That worked well because where we lived, enveloppes without a return address and without stamps were delivered allright, and had to be paid in full by the receiving party for the cost of shipping plus a penalty fee for not stamping the mail in the first place.

I doubt that he's ever made someone loose great amounts of money, but that must have annoyed the hell out of those people receiving junk and having to pay for it !

Re:Ping of death?

[CoyoteGuy]

Could be worse.. What if they re-enacted WinNuke? :)

Re:This is a serious issue

[Angry White Guy]

You sure? Post your address here :)

From your freak list...

APL bigot (606126)
aussersterne (212916)
chris_mahan (256577)
CowardNeal (627678)
cranos (592602)
DAldredge (2353)
Elbereth (58257)
Godeke (32895)
Gojira Shipi-Taro (465802)
Graspee_Leemoor (302316)
Grishnakh (216268)
Hott of the World (537284)
IceAgeComing (636874)
Inthewire (521207)
isoteareth (321937)
LucVdB (64664)
mansemat (65131)
MillionthMonkey (240664)
NineNine (235196)
No More Wankers (605612)
nordicfrost (118437)
not_anne (203907)
PinkStainlessTail (469560)
prizog (42097)
ronfar (52216)
sheldonb (68034)
sir99 (517110)
squiggleslash (241428)
stephenbooth (172227)
TheBahxMan (249147)
thumperward (553422)
tigris (192178)
Tom7 (102298)
warmcat (3545)
workindev (607574)
zod1025 (189215)
_Ludwig (86077)

Re:Lawsuit Result

[Tackhead]

I do believe the original CBC article left out some things. Allow me to fill in the gaps:

[

George Allen Moore's] company [Maryland Internet Marketing] hawks everything from [what appears to have been pirated or unlicensed OEM copies of commercial] software to [non-FDA-approved] diet drugs [of highly questionable efficicacy].

"Every time you try to mess with me, I will post it and more people will learn about you," Uy warned other spammers. "I don't need to encourage harassment against you, and I don't need to. Your best option is to crawl back under a rock."

Moore [who didn't take advantage of Uy's very kindhearted and generous offer] says he's considering further legal action. [as a defendant about to have his balls pounded flat with an AOL-branded mallet. AOL's legal team plans to turn Moore's head into a pickle jar and keep it on top of Steve Case's fridge when this is all over.]

Much better.

Re:Huh?

[Pfhreakaz0id]

Out of curiosity, exactly what criminal law does this violate?
impersonation of an anal orifice.

Re:Be Aware...

[MalleusEBHC]

So what did this Guy LeBarge dude do to piss you off? ;)

Setting them on each other..?

[Anonymous Coward]

So, someone could write a script to harvest the form details for a whole lot of catalogue companies, **and each company's address** at the same time. Then they could sign each company up for all the other companies' catalogues. Not only would each of these snail-mail spammers suffer a deluge of mail in a week or two, they'd also spend a fortune on mailing catalogues they'd never recover through sales, heh! Perhaps they could be put out of business, making life nicer for the rest of us..?

Now, if only I could write PERL... :-)

2 Cool fun things to try!

[mabhatter654]

First, when the lawsuit [counter suit] gets going, can they get a deposition aginst him to discuss how he:

a. reads all of his own spam email? If not, why? Why should we?
a. sends anonomus mail-and the list of addresses he sends it from.
b. blocks incomming spam from his personal accounts! Does he include a "secret" header code in the spam, or block the list of addresses that he owns+ his buddies? How can I be on that list?

Did everyone make sure to slightly misspell his name, fake name, etc. when they filled out the forms [note: I only just heard about this and being a lamer have not contributed my self] This would make being removed from the lists that much harder. Of course, I'm sure he's against the "do not spam" lists--so he shouldn't expect anyone to automate the removal process for his address from the databases, now should he!

The positive side of REAL junk mail

[HeyBob!]

Years ago, I read about a guy who intentionally signed up for as many catalogs and other junk mail as possible. I think he got 200 lbs a day. He heats his house with it.

Re: Google and DOS Attack Via US Postal Service

[HeghmoH]

I always wondered why instructions contained phrases like:

Now type "somecommand" (without the quotes).

Now I know....

I saw that in Harry Potter.

[TheBoostedBrain]

Yepp.. at the beginning of the first harry potter movie he is attacked this way by Hogwarts.

Not funny yet

[phrenq]

Enough time hasn't passed. 22.3 years. That's how long it takes for something tragic to become funny.

This calls for some testing...

[tregoweth]

Anyone know Bill Gates' home address?

'occupant' changed his name to 'alan ralsky'

[snot whistle]

'occupant' changed his name to 'alan ralsky' it was in the news today. really.
if you get mail for 'occupant', make sure you fill out a forwarding slip, available from your local post office.
really, this is true. occupant was worried he would miss a catalog. he has lived at so many different places, you know.
remember, alan ralsky wants every catalog he could theoretically receive in a perfect world. let's make the world a little more perfect!

Re:Lack of authentication

[TKinias]

Y'know, maybe I'm the only one, but I got some amusement from `George Walker Bush' posting under the subject `Lack of authentication'...

Re:Hardly DOS is it

[ctucker]

Just mail him a postcard that says "PING" and see how long it takes him to reply.

Real estate disclosure-

[way2trivial]

Agent 'under disclosure laws, I must inform you of any known defects'
Buyer, "here it comes, what's the catch- the price is so low"

Agent 'this house was formerly owned by Alan Ralsky who...' WHHHHOOOOSHH!!!!
Agent muttering to himself "-- every damn time..