This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] anti-abuse-wg Digest, Vol 61, Issue 6
Marilson
marilson.mapa at gmail.com
Mon Nov 21 04:42:48 CET 2016
Peter,

You are being the victim of a swindler. He is passing himself off as a well-known lawyer, Mark J. Silberman, to take your money. If you make contact - munged (at) gmail.com - you will know how he acts. Report to antispam_gdnoc at 189.cn.

Marilson

From: anti-abuse-wg-request at ripe.net
Sent: Sunday, November 20, 2016 9:00 AM
To: anti-abuse-wg at ripe.net
Subject: anti-abuse-wg Digest, Vol 61, Issue 6

Send anti-abuse-wg mailing list submissions to
anti-abuse-wg at ripe.net

To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.ripe.net/
or, via email, send a message with subject or body 'help' to
anti-abuse-wg-request at ripe.net

You can reach the person managing the list at
anti-abuse-wg-owner at ripe.net

When replying, please edit your Subject line so it is more specific than "Re: Contents of anti-abuse-wg digest..."

Today's Topics:

1. Re: New on RIPE Labs: Reasons Dynamic Addresses Change (Ramakrishna)
2. What's the point in this type of spam ? (peter h)
3. Re: What's the point in this type of spam ? (ox)

----------------------------------------------------------------------

Message: 1
Date: Sat, 19 Nov 2016 06:41:43 -0800
From: Ramakrishna <ramapad at cs.umd.edu>
To: anti-abuse-wg at ripe.net
Subject: Re: [anti-abuse-wg] New on RIPE Labs: Reasons Dynamic Addresses Change
Message-ID: <CAAYmKkJ3DjUf7bd9pUktFwr8QjV3QtNAWMF41VzTeFbqskE4kQ at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

> ok... so first of all the address changes within DTAG and most other german SOHO DSL providers, from what i heard back then, goes back to the days of dialup... a couple of years ago they apparently still were forced by law (or something) to also offer DSL on a 'charge per time use' basis, and also disconnect virtual channels every once in a while, something to do with anti-competition to the telephone dialup network.. which apparently is why most german dsl providers still do that.

Ah, thanks for providing the historical context for why German DSL providers change addresses so frequently. I am skeptical, however, that there is a law requiring German DSL providers to disconnect virtual channels 'every once in a while' because I asked several German colleagues about such a law and they were unable to find one (I would be delighted if you can point me to one!).

> secondly... if your authentication and telling users apart has anything to do with layer 3, your authentication method is just crap, not well thought of, etc.

There are other use-cases for IP addresses as end-host identifiers that I outlined in my post (such as counting the number of users in a system by counting the number of distinct IP addresses). I am personally interested in measuring outages by pinging IP addresses belonging to residential CPEs. My premise for detecting outages is that an address that sends responses to active probes is alive and well, and that a previously responsive address that has stopped responding to probes could be experiencing an outage. This premise is incorrect when I am pinging a dynamic address that has been withdrawn from the CPE; thus, I would love to analyze dynamic reassignment behavior across ISPs.

I agree that using IP addresses for identifying users for authentication purposes isn't ideal but sometimes, IP addresses are the easiest way to identify users. Other times, they are the only ways to identify users. For example, if one is defending against a DoS attack, the most straightforward and efficient approach is to blacklist that IP address temporarily. How long that address can continue to remain in the blacklist is the question that we aim to answer.

> as for wikipedia, it also leaks ips all over the place. (basically inciting users to ddos each other, although probably a less common result than with IRC.)

Well, wikipedia is only one example of a well-known company that employs IP address based blacklists. In private conversation with Google and several content-delivery networks (including one where I interned earlier this year), I learned that IP addresses are very much a part of host-reputation systems. So although IP addresses as end-hosts isn't ideal, it's a common assumption and our work shows that the assumption can actually even be valid for weeks at a time in North American ISPs.

Cheers,
Rama
http://www.cs.umd.edu/~ramapad/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20161119/0ffe4c0a/attachment-0001.html>

------------------------------

Message: 2
Date: Sat, 19 Nov 2016 19:01:43 +0100
From: peter h <peter at hk.ipsec.se>
To: anti-abuse-wg at ripe.net
Subject: [anti-abuse-wg] What's the point in this type of spam ?
Message-ID: <201611191901.44498.peter at hk.ipsec.se>
Content-Type: text/plain; charset="iso-8859-1"

The last days I have been sent a number of these threats, they come from different addresses ( stolen computers ) but contain no links or attachments.
Is the goal to harass the gmail user ( it's munged by me to protect an innocent person )

Received: from 14.145.207.224 ([113.68.244.108])
by ipsec.se (8.13.6/8.13.6) with SMTP id uAILTOwC091474
for <peter at ipsec.nu>; Fri, 18 Nov 2016 22:29:32 +0100 (CET)
Message-Id: <201611182129.uAILTOwC091474 at ipsec.se>
Received: from unknown (HELO localhost) (mark.silberman78 at gmail.com@177.205.66.120)
by 113.68.244.108 with ESMTPA; Sat, 19 Nov 2016 05:29:22 +0800
From: m-**-.-munged-78 at gmail.com
To: peter at ipsec.nu
Subject: You are hacked!
Date: Sat, 19 Nov 2016 05:21:56 +0800
Content-Type:
X-UID: 5404
X-Length: 910

Your email peter at ipsec.nu has been hacked and spam is sent to all your contacts! If you don't have a lawyer, you may contact me at <munged>@gmail.com

Best Regards,
M**-
m**-.-munged-78 at gmail.com

--
Peter Håkanson

There's never money to do it right, but always money to do it again ... and again ... and again ... and again.
( It is cheaper to do it right. It is expensive to fix mistakes. )

------------------------------

Message: 3
Date: Sun, 20 Nov 2016 07:53:34 +0200
From: ox <andre at ox.co.za>
To: peter h <peter at hk.ipsec.se>
Cc: anti-abuse-wg at ripe.net
Subject: Re: [anti-abuse-wg] What's the point in this type of spam ?
Message-ID: <mailman.2.1479639602.27612.anti-abuse-wg at ripe.net>
Content-Type: text/plain; charset=US-ASCII

On Sat, 19 Nov 2016 19:01:43 +0100 peter h <peter at hk.ipsec.se> wrote:
> The last days I have been sent a number of these threats, they come
> from different addresses ( stolen computers ) but contain no links or
> attachments.
> Is the goal to harass the gmail user ( it's munged by me to protect
> an innocent person )
>

There is not a single one of the trillions of spams that are senseless. All spam has a reason to exist and no spam is ever senseless - not even a single one...

There are a few goals with your spam as it is rich with possibilities. The vast majority of spam only has a singular goal and your spam is rich in possibilities :)

The most obvious is to confuse/poison (some/basic) anti spam systems:

> Received: from 14.145.207.224 ([113.68.244.108])
> Received: from unknown (HELO localhost)
> (mark.silberman78 at gmail.com@177.205.66.120) by 113.68.244.108

My software handles any headers that deviate from the expected with extreme care as there are only a limited number of reasons why headers are different than expected

Other goals (and there are many with your example of Shotgun spam (named after shotgun weddings)

Goals may be to solicit a relationship with victims, cyber criminals are finding it more challenging to open dialog and engage with shotgun victims

It may be to target the @gmail account holder, to receive spam that Google will allow as it will be from other victims (think denial of service or just to attack/assault a gmail account holder)

and of course many other reasons

hth

andre

>
> Received: from 14.145.207.224 ([113.68.244.108])
> by ipsec.se (8.13.6/8.13.6) with SMTP id uAILTOwC091474
> for <peter at ipsec.nu>; Fri, 18 Nov 2016 22:29:32 +0100 (CET)
> Message-Id: <201611182129.uAILTOwC091474 at ipsec.se>
> Received: from unknown (HELO localhost)
> (mark.silberman78 at gmail.com@177.205.66.120) by 113.68.244.108 with
> ESMTPA; Sat, 19 Nov 2016 05:29:22 +0800 From:
> m-**-.-munged-78 at gmail.com To: peter at ipsec.nu
> Subject: You are hacked!
> Date: Sat, 19 Nov 2016 05:21:56 +0800
> Content-Type:
> X-UID: 5404
> X-Length: 910
>
> Your email peter at ipsec.nu has been hacked and spam is sent to all
> your contacts! If you don't have a lawyer, you may contact me at
> <munged>@gmail.com
>
> Best Regards,
> M**-
> m**-.-munged-78 at gmail.com
>

End of anti-abuse-wg Digest, Vol 61, Issue 6
********************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20161121/183ecc21/attachment.html>
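
Archive note, not part of any message above: the kind of header-deviation check described in Message 3, run over the two Received headers from Message 2. This is an added example, not andre's software; the rule names are made up for the illustration, and it only understands the sendmail-style and qmail-style forms that appear in that message.

```python
import ipaddress
import re

# Received headers copied from Message 2 (the archive's " at " obfuscation is kept).
SAMPLE_RECEIVED = [
    "from 14.145.207.224 ([113.68.244.108]) by ipsec.se (8.13.6/8.13.6) "
    "with SMTP id uAILTOwC091474 for <peter at ipsec.nu>; "
    "Fri, 18 Nov 2016 22:29:32 +0100 (CET)",
    "from unknown (HELO localhost) (mark.silberman78 at gmail.com@177.205.66.120) "
    "by 113.68.244.108 with ESMTPA; Sat, 19 Nov 2016 05:29:22 +0800",
]

def _is_ip(token):
    """True if token is an IP address, with or without [brackets]."""
    try:
        ipaddress.ip_address(token.strip("[]"))
        return True
    except ValueError:
        return False

def received_anomalies(header):
    """Return rule names (hypothetical labels) for each deviation found."""
    findings = []
    m = re.match(r"from\s+(\S+)", header)
    claimed = m.group(1) if m else ""
    helo = re.search(r"\(HELO\s+([^)\s]+)\)", header)   # qmail-style explicit HELO
    helo_name = helo.group(1) if helo else claimed      # sendmail-style: name after "from"
    peer = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)  # connecting IP as logged
    by = re.search(r"\bby\s+(\S+)", header)

    # RFC 5321 address literals are bracketed; a bare IP as HELO name is unusual.
    if _is_ip(helo_name) and not helo_name.startswith("["):
        findings.append("helo-bare-ip")
    # The client announced one IP but connected from another.
    if peer and _is_ip(helo_name) and helo_name.strip("[]") != peer.group(1):
        findings.append("helo-ip-differs-from-peer")
    if helo_name.lower() in ("localhost", "localhost.localdomain"):
        findings.append("helo-localhost")
    # qmail writes "unknown" when the peer has no reverse DNS name.
    if claimed.lower() == "unknown":
        findings.append("no-reverse-dns")
    # A real MTA normally stamps its host name, not a bare IP, after "by".
    if by and _is_ip(by.group(1)):
        findings.append("by-host-is-ip")
    return findings

if __name__ == "__main__":
    for h in SAMPLE_RECEIVED:
        print(received_anomalies(h), "<-", h[:60])
```

Only the topmost Received header was written by the recipient's own server; everything below it was supplied by the sender and should be weighted as untrusted input.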