Re: Mail DoS from Bellsouth

From: "LR" <spam@linuxsecurity.com>
Date: Thu, 22 Aug 2002 15:14:19 -0400


"/dev/null" <dev'0x2e'null@BeginThread.com> wrote in message
news:IH899.210121$sA3.276109@rwcrnsc52.ops.asp.att.net...
> I know you've said you've tried contacting them in many different forms,
> just to check, have you tried the two contact addresses and phone numbers
> in their whois: (?)
>
> Technical Contact:
> Hostmaster (HOS260-ORG) hostmaster@BELLSOUTH.NET
> BellSouth.net
> 28 Perimeter Center East BLDG 30
> Atlanta, GA 30346
> US
> (770) 522-6300
> Fax- - (770) 522-4002
>

Heh, go figure...this worked. The 770# listed is their NOC. The person at
the other end was 10x more competent than anyone I've spoken to yet.
Thanks for helping me see past the angry fog that was rising.

>
> I have a question for you. If you decide to "go to the authorities"
> because of Bellsouth's lack of response, who would you call? (I'd like to
> know in case I need to call them some day).

Trust me, this is a tough question that comes up often. The only
authorities right now are the FTC and the FBI, and they're so overwhelmed
re: SPAM that they really can't do anything. I've established a contact in
the local FBI field office for particularly nasty cases.

>
> I know when you're in the middle of the battle it's hard to keep your cool
> and be strategic, so I offer this viewpoint to help. Ultimately I see two
> routes to take if you can't get any response.
>
> 1. Open up to Bellsouth and let them "get this off their chest". If you
> route the email to internal servers your servers may generate "No such
> user" emails back to Bellsouth, intensifying the war. So it may be good to
> set up a dummy MTA (as suggested by others) to just suck in this junk and
> dump it.

That's not a bad idea and one I was considering exploring...Ultimately
though I've decided to fight this battle because a very large-scale provider
like Bell South should have a better handle on their network.

> Of course if this is an on-going problem, i.e. whoever spoofed your domain
> as the "from" address on these bogus emails continues to generate these
> emails, eventually you'll have to get hold of someone who can make it
> stop. I'd say a written letter from an attorney seeking damages would be a
> good show-stopper to send them.

That's really the only other step to get the traffic to stop. But hopefully
the people at the NOC will be more responsive and help out. Again, yes,
it's easier to block it and wait or suck it in and > /dev/null it but I'm a
big advocate of taking responsibility for what goes on in your network...

Thanks again...

LR