
Spammers Hijacking IP Space

Ron Guilmette writes "As reported in the Washington Post's Security Fix blog, a substantial hunk of IP address space has apparently been taken over by notorious mass e-mailing company Media Breakaway, LLC, formerly known as OptInRealBig, via means that are at best questionable. The block in question is 134.17.0.0/16, which I documented in depth in an independent investigation. (Apparently, the President of Media Breakaway has now admitted to the Washington Post that his company has been occupying and using the 134.17.0.0/16 block and that front company JKS Media, which provides routing to the block, is actually owned by Media Breakaway.) Remarkably, the president of Media Breakaway, who happens to be an attorney, is trying to defend his company's apparent snatching of this block based upon his own rather novel legal theory that ARIN doesn't have jurisdiction over any IP address space that was handed out before ARIN was formed, in 1997."

  • by dreamchaser ( 49529 ) on Tuesday April 29, 2008 @08:59PM (#23246764) Homepage Journal
    ...if everyone just blocked that IP range entirely at their routers, shutting off their connectivity?

    There was a time when the Internet was a 'small' enough place that it would have even been feasible. Kind of like blacklisting a Usenet server for spam.
  • by Fluffeh ( 1273756 ) on Tuesday April 29, 2008 @09:02PM (#23246802)
    Only problem with that approach is that you are therefore in fact giving them that IP space by lack of a fight.

    That would then lead to another group "claiming" another spot of space, and so on and so forth - until there was no legitimate or unused space left at all - then you would have to fight the same fight with many many people rather than one spamming company as we have now.
  • by Fluffeh ( 1273756 ) on Tuesday April 29, 2008 @09:09PM (#23246872)
    If the IP is simply blackholed, you are by lack of argument allowing this Spammer to put some sort of credible hold on that IP. That's like finding a squatter in a house on the street where the owners have gone on holiday - and simply putting a piece of tape across the driveway - it doesn't solve the bigger problem which is that someone walked into the house and started living there without any credible reason of doing so. It doesn't solve the problem of what's going to happen when the people return from holidays and find this squatter in their house.

    Also, if we simply blackhole that IP, what's going to happen when a legitimate user tries to use that space. It's going to go to bollocks for them when they find that the rest of the net is ignoring them already.
  • by Whuffo ( 1043790 ) on Tuesday April 29, 2008 @09:15PM (#23246900) Homepage Journal
    If you're going to add this address space to your firewall or block it at the router - consider that this rogue outfit is likely to be taken down soon, and that address space may then be assigned to a legitimate operation. There's not an unlimited number of addresses left in IPv4 you know.

    What's been happening for years now is well-meaning admins blocking various IP addresses / blocks and/or domain names. Their motives are good, but after the address or domain name is blocked they almost never go back and recheck to see if the block is still needed. What this leads to over time are holes in the address space that can't be used, awkward or no routes to some addresses from some other addresses, etc. Especially in this time of zombie machines; blackhole that IP address and you've knocked some individual off line - but you've done nothing to reduce the amount of spam / viruses / worms / etc.

    This is what killed ORBS and other services of that type. Easy to add domains / addresses to the blocklist, but difficult to remove them. Eventually the list becomes useless...

    Much better solution: make an example out of the people who are squatting on this netblock. Break out the pitchforks and torches...

  • by erroneus ( 253617 ) on Tuesday April 29, 2008 @09:15PM (#23246902) Homepage
    There's only one true solution to the problem of spammers. Death. I'm not joking. These people that create botnets, hijack networks and servers so that they can sell advertising are creating problems on a global scale for money. Nothing but death will stop or deter them. They need to die.

    It's good that I do not own any firearms and good that I do not know where these people live and good that I lack the means to get there. If I had those things and an air-tight alibi, I wouldn't hesitate to make my first murder one of these people.
  • by v1 ( 525388 ) on Tuesday April 29, 2008 @09:19PM (#23246930) Homepage Journal
    He has to peer somewhere. THEY should be the ones to blackhole him. One way or another he has to be paying someone off to route in his direction. I don't see why that's hard to cut off?
  • by mysidia ( 191772 ) on Tuesday April 29, 2008 @09:38PM (#23247104)

    If you're willing to pay enough for the bandwidth you will probably find a major provider to let you advertise your range.

    For the origin of that range to get as far as they have, they clearly had paperwork to prove to their upstream that the range is assigned to them.

    You're their customer. Without a very good reason to do so, they won't (can't) blackhole you without violating whatever interconnection agreement was signed.

    Temporarily blocking a range should cause no permanent issue for the new owners, not that a range like that one can be re-assigned quickly.

    Since it had already been used before, very possibly the range would be considered un-assignable, just like the class E ranges and other ranges which were originally reserved/special.

    But you see, it's better to have a range be unusable than to have a range with bad documentation that can be occupied by whatever spammer wants to occupy it.

    (Or: blackholed is better than can be freely occupied on tenuous or ridiculous reasoning arising out of strange circumstances -- like the person who wants to occupy it used to be a contact for the defunct organization who it was once registered to)

  • by timmarhy ( 659436 ) on Tuesday April 29, 2008 @09:53PM (#23247220)
    This has a very simple fix. Major backbone providers like AT&T need to cease routing from providers who allow this kind of misconfiguration of the internet.

    Because that's all it is: a mid-level ISP has added someone to their routing tables with IPs that they have no right to. Simply telling their provider to correct their configurations or all their traffic will be dropped should be enough; indeed, it should be mandatory for backbone providers to do this in order for them to legally keep their own IP ranges. Anything else is asking for people to start claiming IPs all over the place, and before you know it each ISP will route you to a different site for the same IP, making the internet useless.

  • Re:"Hijack?" (Score:1, Insightful)

    by Anonymous Coward on Tuesday April 29, 2008 @09:54PM (#23247232)
    It's more like squatting in a car dealership and stealing the cars to use in crimes. You can "claim" to own it but you don't, but if everybody blacklists it the legitimate owners can't use it either.
  • by Metasquares ( 555685 ) <{moc.derauqsatem} {ta} {todhsals}> on Tuesday April 29, 2008 @11:11PM (#23247742) Homepage
    How will everyone know when the block is reclaimed? You'll end up with an entire /16 that no one can use because everyone is still blocking it.
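
The stale-block problem raised in the comments above (blocks that are added and never rechecked, and a /16 that stays blocked after it is reclaimed) can be handled by giving every entry an expiry date. The following is an added example, not part of any comment in this thread: the list format, the TTL values, the function names, and the policy that a lapsed entry stops being enforced until someone re-verifies it are all assumptions made for illustration.

```python
import ipaddress
from datetime import date, timedelta
from typing import NamedTuple

class Block(NamedTuple):
    net: ipaddress.IPv4Network
    added: date      # last date somebody verified the block is still needed
    ttl_days: int    # assumed review interval, chosen per entry
    reason: str

    def expires(self) -> date:
        return self.added + timedelta(days=self.ttl_days)

# Constructed sample list: "<cidr> <date verified> <ttl days> <reason>"
SAMPLE = """\
# prefix         verified    ttl  reason
134.17.0.0/16    2008-04-29  90   disputed block from the article
192.0.2.0/24     2007-01-15  30   constructed entry, never re-reviewed
198.51.100.7/32  2008-04-20  30   constructed single-host entry
"""

def parse(text):
    """Parse the list, ignoring comments and blank lines."""
    blocks = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        cidr, added, ttl, reason = line.split(None, 3)
        # strict=True rejects prefixes with host bits set (e.g. 134.17.1.0/16)
        net = ipaddress.ip_network(cidr, strict=True)
        blocks.append(Block(net, date.fromisoformat(added), int(ttl), reason))
    return blocks

def split_by_expiry(blocks, today):
    """Return (enforced, lapsed); lapsed entries form the review queue."""
    live = [b for b in blocks if today < b.expires()]
    lapsed = [b for b in blocks if today >= b.expires()]
    return live, lapsed

def is_blocked(blocks, addr, today):
    """An address is dropped only if a non-expired entry covers it."""
    ip = ipaddress.ip_address(addr)
    live, _ = split_by_expiry(blocks, today)
    return any(ip in b.net for b in live)

def renew(block, today):
    """Call after re-checking that the block is still justified."""
    return block._replace(added=today)
```

With this policy a forgotten entry fails open after its TTL instead of silently blocking whoever is assigned the space next.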
  • by swordgeek ( 112599 ) on Wednesday April 30, 2008 @11:54AM (#23251662) Journal
    I expect that people will misinterpret what you mean by shun, or maybe I am. However, I agree entirely--if it could be done in a comprehensive way. Imagine if nobody would sell groceries or toilet paper to Bill Gates, because of his behaviour. Rather than being invited as guests to TV shows, the media would all collectively turn their backs on the likes of Darl McBride and Steve Ballmer at press conferences. The Richters shouldn't be able to get power, water, or gas service to their houses or businesses. People wouldn't BUY their products, people wouldn't SELL products to them, people wouldn't INTERACT with them, and people wouldn't ACCEPT them into the community. This would provide some strong incentive to behave ethically. (Both social and financial.)

    Unfortunately, we need to fix humanity (or at least society) before it'll work. Cheap prices, convenience, and lying trump ethics every time. Kurt Vonnegut commented on the psychopathic behaviour of corporate leaders, and in fact being a psychopath is almost a prerequisite to being a CEO. The companies themselves behave psychopathically. Capitalism and ethics are contrary. Worst of all though, is that as a capitalistic society, we encourage and reward this behaviour, by buying cheap and convenient every time.
