Spammers Hijacking IP Space 233
Ron Guilmette writes "As reported in the Washington Post's Security Fix blog, a substantial hunk of IP address space has apparently been taken over by notorious mass e-mailing company Media Breakaway, LLC, formerly known as OptInRealBig, via means that are at best questionable. The block in question is 134.17.0.0/16, which I documented in depth in an independent investigation. (Apparently, the President of Media Breakaway has now admitted to the Washington Post that his company has been occupying and using the 134.17.0.0/16 block and that front company JKS Media, which provides routing to the block, is actually owned by Media Breakaway.) Remarkably, the president of Media Breakaway, who happens to be an attorney, is trying to defend his company's apparent snatching of this block based upon his own rather novel legal theory that ARIN doesn't have jurisdiction over any IP address space that was handed out before ARIN was formed, in 1997."
Wouldn't it be nice... (Score:4, Insightful)
There was a time when the Internet was a 'small' enough place that it would have even been feasible. Kind of like blacklisting a Usenet server for spam.
Re:Wouldn't it be nice... (Score:4, Insightful)
That would then lead to another group "claiming" another spot of space, and so on and so forth - until there was no legitimate or unused space left at all - then you would have to fight the same fight with many many people rather than one spamming company as we have now.
Blackhole == Defeat! (Score:5, Insightful)
Also, if we simply blackhole that IP, what's going to happen when a legitimate user tries to use that space. It's going to go to bollocks for them when they find that the rest of the net is ignoring them already.
Blackholing this address space may not be wise (Score:5, Insightful)
What's been happening for years now is well-meaning admins blocking various IP addresses / blocks and/or domain names. Their motives are good, but after the address or domain name is blocked they almost never go back and recheck to see if the block is still needed. What this leads to over time are holes in the address space that can't be used, awkward or no routes to some addresses from some other addresses, etc. Especially in this time of zombie machines; blackhole that IP address and you've knocked some individual off line - but you've done nothing to reduce the amount of spam / viruses / worms / etc.
This is what killed ORBS and other services of that type. Easy to add domains / addresses to the blocklist, but difficult to remove them. Eventually the list becomes useless...
Much better solution: make an example out of the people who are squatting on this netblock. Break out the pitchforks and torches...
Spammers know no limits (Score:5, Insightful)
It's good that I do not own any firearms and good that I do not know where these people live and good that I lack the means to get there. If I had those things and an air-tight alibi, I wouldn't hesitate to make my first murder one of these people.
Re:Blackholing this address space may not be wise (Score:5, Insightful)
Re:Blackholing this address space may not be wise (Score:3, Insightful)
If you're willing to pay enough for the bandwidth you will probably find a major provider to let you advertise your range.
For the origin of that range to get as far as they have, they clearly had paperwork to prove to their upstream that the range is assigned to them.
You're their customer. Without a very good reason to do so, they won't (can't) blackhole you without violating whatever interconnection agreement was signed.
Temporarily blocking a range should cause no permanent issue for the new owners, not that a range like that one can be re-assigned quickly.
Since it had already been used before, very possibly the range would be considered un-assignable, just like the class E ranges and other ranges which were originally reserved/special.
But you see, it's better to have a range be unusable than to have a range with bad documentation that can be occupied by whatever spammer wants to occupy it.
(Or: blackholed is better than can be freely occupied on tenuous or ridiculous reasoning arising out of strange circumstances -- like the person who wants to occupy it used to be a contact for the the defunct organization who it was once registered to)
who is linking this to the backbone? (Score:3, Insightful)
because that's all it is, a mid level isp has added someone to their routing tables with ip's that they have no right to. simply telling their provider to correct their configurations or all their traffic will be dropped should be enough, indeed it should be mandatory for backbone providers to do this in order for them to legally keep their own ip ranges. anything else is asking for people to start claiming ip's all over the place and before you know it each isp will route you to a different site for the same ip, making the internet useless.
Re:"Hijack?" (Score:1, Insightful)
Re:Wouldn't it be nice... (Score:4, Insightful)
Re:A lack of ethics (Score:3, Insightful)
Unfortunately, we need to fix humanity (or at least society) before it'll work. Cheap prices, convenience, and lying trump ethics every time. Kurt Vonnegut commented on the psychopathic behaviour of corporate leaders, and in fact being a psychopath is almost a prerequisite to being a CEO. The companies themselves behave psychopathically. Capitalism and ethics are contrary. Worst of all though, is that as a capitalistic society, we encourage and reward this behaviour, by buying cheap and convenient every time.