[OT] Spam in c.l.c.m

Old Wolf

Which moderator allows the spam messages in comp.lang.c.moderated? I thought
half the point of moderation was to avoid such messages.
In case you don't know what I'm talking about, recent messages include:
17-Apr: Call for an Impeachment Inquiry of Bush and Cheney
16-Apr: Call for an Impeachment Inquiry of Bush and Cheney
15-Apr: Hey, Corporate America! Show Taxpayers Some Apprecia...
10-Apr: Statement on Spam and VoteNader.org
 
Ben Pfaff

Which moderator allows the spam messages in comp.lang.c.moderated? I thought
half the point of moderation was to avoid such messages.
In case you don't know what I'm talking about, recent messages include:
17-Apr: Call for an Impeachment Inquiry of Bush and Cheney
16-Apr: Call for an Impeachment Inquiry of Bush and Cheney
15-Apr: Hey, Corporate America! Show Taxpayers Some Apprecia...
10-Apr: Statement on Spam and VoteNader.org

Those messages all forged the moderation header, too. They
appeared all over Usenet. Not much a moderator can do about
people who abuse the network to that extent. At most they can be
canceled.
 
Flash Gordon

Those messages all forged the moderation header, too. They
appeared all over Usenet. Not much a moderator can do about
people who abuse the network to that extent. At most they can be
canceled.

They can also be reported to their ISPs who *should* do something about
the spammers. When I have the time I trace them back and report them.
 
Dan Pop

In said:
Which moderator allows the spam messages in comp.lang.c.moderated? I thought
half the point of moderation was to avoid such messages.
In case you don't know what I'm talking about, recent messages include:
17-Apr: Call for an Impeachment Inquiry of Bush and Cheney
16-Apr: Call for an Impeachment Inquiry of Bush and Cheney
15-Apr: Hey, Corporate America! Show Taxpayers Some Apprecia...
10-Apr: Statement on Spam and VoteNader.org

If you had the slightest clue about Usenet moderation you'd know that it
is *trivial* to bypass it (anyone with half a clue can generate the
required header line). Usenet was designed for people willing to
play by the rules, not for the net vandals of the recent times.

Complain ONLY when the spam messages have the moderator's "seal
of approval" (spammers never bother forging it). Otherwise, the
moderator is as responsible for their presence as YOU are.

Dan
 
Gordon Burditt

They can also be reported to their ISPs who *should* do something about
Unfortunately with nowadays full raw socket support from all nowadays
systems, it is possible to completely spoof the ip address.

Spoofing a TCP connection (needed for mail and news) where you are
not on the same wire as the machine you are spoofing still requires
some effort (but it's not impossible). TCP requires a handshake,
which is hard to do if the target machine sends the handshake to
the machine you are spoofing, not you, and that machine keeps
responding with a RST packet because it knows nothing about the
connection you just set up, causing your target to tear it down.
Even if the machine you are spoofing is down, you need to know/predict
the TCP sequence number to use for the connection, which is hard
if you can't get hold of replies that the target machine is sending.
If you are on the same wire as the machine you are spoofing, this
gets easier, but it also makes it easier to find the spoofer.

"spoofing" a TCP connection from a machine where you can actually
control the machine in question isn't really even spoofing, since
the packets really do come from (are relayed by) the machine in
question, but it makes it hard to identify who's controlling them.
This is the point of many viruses - setting up remote-controllable
machines that can be used to relay SPAM.

UDP and ICMP floods using forged source addresses are fairly easy,
especially if the purpose is just to flood the target, not get
useful information from it.

There may be limits to how much you can send packets with fake
source addresses, coming under the heading in the above link of
"Network Egress Filtering". Done well, this means you can't fake
source IP addresses except for those "close" to you. That means
the complaints go to the correct ISP and he can narrow down the
source more quickly. Now if only all ISPs did this ...

Gordon L. Burditt
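
The egress filtering described in the post above, as an added example that is not part of the original thread: a model of an ISP edge that forwards a packet only if its source address lies inside a prefix assigned to the customer port it arrived on. The port names, prefixes (RFC 5737 documentation ranges) and sample packets are constructed for illustration.

```python
import ipaddress

# Constructed data: prefixes the ISP has assigned to each customer port.
CUSTOMER_PREFIXES = {
    "port-1": [ipaddress.ip_network("192.0.2.0/28")],
    "port-2": [ipaddress.ip_network("192.0.2.16/28"),
               ipaddress.ip_network("198.51.100.0/24")],
}

def egress_allowed(port, src):
    """True if a packet arriving on `port` may leave with source address `src`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: drop
    return any(addr in net for net in CUSTOMER_PREFIXES.get(port, []))

def filter_packets(packets):
    """Split (port, src) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for port, src in packets:
        (forwarded if egress_allowed(port, src) else dropped).append((port, src))
    return forwarded, dropped

def responsible_port(src):
    """Map a source address seen outside back to the customer port that owns it."""
    addr = ipaddress.ip_address(src)
    for port, nets in CUSTOMER_PREFIXES.items():
        if any(addr in net for net in nets):
            return port
    return None

# Constructed sample traffic, all arriving on port-1.
SAMPLE = [
    ("port-1", "192.0.2.5"),     # the customer's genuine address
    ("port-1", "192.0.2.9"),     # forged, but "close": inside the same /28
    ("port-1", "203.0.113.77"),  # forged address of an unrelated network
    ("port-1", "192.0.2.20"),    # forged address of the neighbouring customer
]

if __name__ == "__main__":
    fwd, drop = filter_packets(SAMPLE)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
    print("complaint about 192.0.2.9 lands on:", responsible_port("192.0.2.9"))
```

The forged-but-close address still gets out, yet it resolves to the right customer port, which is why a complaint reaches the correct ISP.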
 
Mark McIntyre

Unfortunately with nowadays full raw socket support from all nowadays
systems, it is possible to completely spoof the ip address.

Euh, full raw socket support has been around in the OSen of haxor's choice
for decades. WinXP is merely the latest in a long line of OSen that have
offered this, most of them not from Redmond.

In this area, steve is spouting bullsh*t. There's plenty of discussion of
this elseweb.
 
Ben Pfaff

Ioannis Vranos said:
Where did you see that?

It was a long time ago and I no longer recall. Probably in
print, because the only instances that Google picks up are from
my own articles.
 
Flash Gordon

On 19 Apr 2004 20:13:31 GMT
Spoofing a TCP connection (needed for mail and news) where you are

There may be limits to how much you can send packets with fake
source addresses, coming under the heading in the above link of
"Network Egress Filtering". Done well, this means you can't fake
source IP addresses except for those "close" to you. That means
the complaints go to the correct ISP and he can narrow down the
source more quickly. Now if only all ISPs did this ...

True.

Of course, even if you do manage to spoof the IP successfully, the NNTP
server can still be identified and this will either be:

1) The NNTP server of the appropriate ISP
2) An NNTP server you have to log in to, so the Usenet account can be
cancelled.
3) An open NNTP server, in which case whoever owns it needs to know it
is being abused so they can sort it out.

Also, if a virus has been used to take over someone's machine for sending
the post, then that machine needs to be identified and sorted. So even
if it is not the spammer's machine IMHO reporting it can still do some
good.
 
Ioannis Vranos

Flash Gordon said:
True.

Of course, even if you do manage to spoof the IP successfully, the NNTP
server can still be identified and this will either be:

1) The NNTP server of the appropriate ISP
2) An NNTP server you have to log in to, so the Usenet account can be
cancelled.
3) An open NNTP server, in which case whoever owns it needs to know it
is being abused so they can sort it out.

Also, if a virus has been used to take over someone's machine for sending
the post, then that machine needs to be identified and sorted. So even
if it is not the spammer's machine IMHO reporting it can still do some
good.


That's nice in theory but in reality this whole mechanism (ISP, NNTP server
owner, the military) would not mobilize for some spam messages. So if he has
spoofed his IP, your suggestion "They can also be reported to their ISPs who
*should* do something about the spammers. When I have the time I trace them
back and report them." will have no effect, or worse, some innocent may
get the blame. I think it is high time for a more secure communication
protocol, with the inability to spoof an address (but also the protocol to
not intrude in privacy).

Ioannis Vranos
 
bd

Ioannis said:
Unfortunately with nowadays full raw socket support from all nowadays
systems, it is possible to completely spoof the ip address.

Not with NNTP - you can send a TCP SYN packet to open a connection but
you'll never get the response, and thus never be able to open the
connection.
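
The handshake argument made in this thread, as an added example that is not part of any original post: a toy model of the server side of the TCP three-way handshake, with no real network traffic. It shows why an unpredictable initial sequence number (ISN) and the RST from the real address owner stop a sender that never sees the SYN-ACK. The class and function names and the addresses are constructed for illustration.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap

class Listener:
    """Server side of the three-way handshake, reduced to what matters here."""
    def __init__(self, isn_source=lambda: secrets.randbelow(MOD)):
        self.isn_source = isn_source
        self.half_open = {}      # claimed source address -> ISN the server chose
        self.established = set()

    def on_syn(self, src):
        self.half_open[src] = self.isn_source()
        return src, self.half_open[src]   # SYN-ACK goes to the claimed source

    def on_rst(self, src):
        self.half_open.pop(src, None)     # owner of src disowns the connection

    def on_ack(self, src, ack):
        isn = self.half_open.get(src)
        if isn is None or ack != (isn + 1) % MOD:
            return False                  # no half-open entry, or wrong ack number
        del self.half_open[src]
        self.established.add(src)
        return True

def genuine_client(server, addr):
    """The SYN-ACK is delivered to addr, so the client can echo ISN + 1."""
    _, isn = server.on_syn(addr)
    return server.on_ack(addr, (isn + 1) % MOD)

def blind_sender(server, claimed, owner_is_up, guesses):
    """A sender that claims `claimed` but never receives the SYN-ACK."""
    server.on_syn(claimed)        # reply is routed to `claimed`, not to the sender
    if owner_is_up:
        server.on_rst(claimed)    # the real host answers the stray SYN-ACK with RST
    return any(server.on_ack(claimed, g) for g in guesses)

if __name__ == "__main__":
    s = Listener()
    print("genuine client:   ", genuine_client(s, "192.0.2.10"))
    print("blind, owner up:  ", blind_sender(s, "198.51.100.7", True, range(1000)))
    print("blind, owner down:", blind_sender(s, "198.51.100.7", False, range(1000)))
```

With a random 32-bit ISN, the last case succeeds only if one of the guesses happens to equal ISN + 1, which is why predictable sequence numbers are the weakness that matters here.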
 
