AU Net users caught in spam war crossfire

By Patrick Gray
12 September 2003 12:50 PM
Australian broadband users have become unknowing combatants in the war between spammers and spam black-list operators.

A handful of Telstra broadband users have been identified by the operators of the Spam and Open Relay Blocking System (SORBS) blacklist as the source of some distributed denial of service (DDoS) data aimed at knocking down the service. This battle, which has been raging for nine weeks, has already claimed the scalp of blacklist Osirusoft, which shut down last month.

SORBS operator Matthew Sullivan told ZDNet Australia his service, like other blacklists, has been subjected to a bombardment of traffic that peaked at 3 billion bytes a second.

"They hit us again this morning locally...they used some Telstra [customer] machines," Sullivan said. "It's changed from day to day. The problem that we've had is that most of the time it's been a spoofed attack."

Some of the traffic was traced to Telstra through SORBS' bandwidth provider, he said. It's not just SORBS that is a victim in this situation--it's likely that broadband users whose machines have been hijacked by spammers will be costing their owners a fortune in traffic charges, Sullivan added.

The attacks are not limited to SORBS. The Spam Prevention Early Warning (SPEWS) list has also been bombarded with traffic--it's the least popular service of its type, he said. "I also mirror SPEWS which has made me doubly unpopular."

The police didn't want to know about SORBS's problems because until now there was no traffic traceable to an Australian source, Sullivan said. He's now liaising with security clearing house AusCERT to try and crack down on the Australian component of the attack.

AusCERT general manager Graham Ingram says the issue should be taken seriously by the government at high levels. "The very fact that someone has developed...a very good approach to the spam issue and there are attempts to close him down by attacks--it's something that people should notice," he told ZDNet Australia. "What I'd like to do is take it down to the National Office for the Information Economy."

"If indeed spammers are aggressively going after people developing anti-spam technologies then this is a pretty interesting development," Ingram added.

The next step for Sullivan is to seek legal advice to see if the owners of the machines connected to Telstra's network can be sued for neglecting to secure their systems against vulnerabilities which could have been exploited by spammers. "These machines are not even running virus detectors on them... these machines are not being looked after," he said.

For its part, Telstra says that any user's machine found to be involved in a DDoS will be immediately disconnected from its BigPond broadband network. "It's in the acceptable usage policy that DoS attacks either deliberate or inadvertent are not acceptable," a spokesman said. "If we are provided with evidence of a DoS attack emanating from a BigPond customer we would try to get in touch with that customer, but if we can't, then we would immediately suspend the account."

Talkback 1 comments

    Anonymous -- 16/09/03

    I get a lot of spam from .au domains. I have sent many complaints to them and the spam continues. Since they are not doing anything about the spam coming from their network they are getting on many block-lists.
