The original focus of the Realtime Blackhole List (RBL) when it began operations in mid-1997 was on identifying the sources of dedicated, professional spammers. Over time, the success of the RBL forced abusers to resort to other channels for distributing spam such as third party relaying and direct-to-MX contacts.
These countermeasures to our defenses, as well as newly emerging sources of abuse have made it necessary to modify our own strategies in response. We will describe the RBL strategies in its earliest days before discussing the more recent and more insidious forms of e-mail abuse MAPS is attempting to control.
When a professional spammer gets a leased line, we find out about it when they start spamming us, and we track down every network object they own and we blackhole all or nearly all of them. Mail servers, web servers, name servers, terminal servers, usenet servers -- everything. If a professional spammer owns it, we don't want it talking to us, no matter what the protocol.
When an ISP sells dialup or leased line connectivity to a spammer, we try really hard to get them to cancel the contract and strengthen their acceptable use policy (AUP) against future spammers. If they plead inability to break the contract (which is very common), but they are willing to tell us exactly which netblocks have been allocated to the spammers, we will blackhole only the spammer subnetblocks.
Mail Abuse Prevention System’s Realtime Blackhole List
Blackholing Due to Spam Origination (Now)
More recently, legitimate and respected businesses have stumbled into the spamming business. It is even more important to address unsolicited bulk email (UBE) from the Fortune 500 than it is to challenge UBE promoting multi-level marketing schemes.
When well-respected companies begin using UBE as part of their direct marketing campaigns, it is almost always the result of the mistaken attempt to apply direct mail and telephone marketing principles to e-mail.
In practice, this means that businesses should never presume to shift the costs of their advertising onto their customers until they have been given explicit permission to do so. Would any respectable marketer even dream of using collect phone calls or postage due mailings to reach potential customers?
Marketers wishing to use e-mail should consider the foregoing question carefully when preparing their campaigns. Advertising based on permission marketing principles has proven to be extremely successful. Opt-in is a win-win strategy for both marketers and consumers.
On the other hand, marketers who wish to insist on a so-called opt-out strategy -- in which they take it upon themselves to send as much promotional material as they want to someone's e-mailbox until asked to stop -- are eligible for listing on the RBL. The opt-out approach violates our fundamental principle: all communications must be consensual.
Problems with MAPS
NetworkWorld, Sept 10, 2001. “One Friday afternoon in January, Internet Billing Company – one of the five most visited business-to-business sites on the Web – suddenly found online transaction requests from its customers were being blocked. The reason was that iBill’s name popped up on an antispam group’s blacklist that as many as half of the ISPs in the U.S. use to block e-mail and IP traffic from alleged spammers. Amazingly, no one had ever accused iBill of sending spam. However, someone complained to the antispam group Mail Abuse Prevention System (MAPS) that one of iBill’s thousands of customers had spammed them. MAPS not only placed the accused spammer on its Realtime Blackhole List (RBL), it listed iBill’s entire block of 254 IP addresses as well. ‘We didn’t know what was going on’ says Marty Essenburg, iBill’s CIO at the time, who estimates that the four-day blacklisting cost iBill $400,000 in lost revenue. “There was no warning, it was automatic and we had to sit back and play catch-up. They hurt our revenue stream, and they tell us how to do business.” Black Ice Software CEO Jozsef Nemeth says MAPS contacted him in March 2000 requesting Black Ice change the way it conducts business with its customers. When someone downloads Black Ice software, the company sends an e-mail thanking the person and listing technical support information. Black Ice later sends periodic e-mail marketing materials to those customers, which includes a provision that lets recipients unsubscribe. MAPS told Black Ice it had to switch to an ‘opt in’ system or its e-mail would be considered spam and it would be listed on the RBL…When Nemeth refused…his company was slapped on the RBL.”
Net Shepherd Family Search filter returned only 1% of sites returned by non-filtered search using Alta Vista -- even though search was on items such as “American Red Cross”, “Thomas Edison”, and “National Aquarium”.
One university’s filtering blocked the Edupage newsletter because of the sentence:
“The new bill is more narrowly focused than the CDA, and is targeted strictly at impeding the flow of commercial pornography on the World Wide Web.”
Cybersitter blocked sites for National Organization for Women, Godiva chocolates, and the teen website Peacefire.
Cyber Patrol allowed 6 of the first 16 sites listed on Yahoo’s category “Sex: Virtual Clubs”.
“Net Nanny 4 comes preloaded with a list of both appropriate (Can Go) and objectionable (Can't Go) web sites. Our web site research team is constantly updating this list and it can be automatically updated to your computer - FREE of charge - at any time. Of course, you have the full capability to scan our web site lists and easily modify them to meet your own family standards. Below are the different categories and criteria we use when determining which web site to add to our lists:”
… think of your telephone network as thousands of low-speed internet connections. Public Switched Telephone Network (PSTN)
The TCP/IP Network
[Diagram: Users, Web Server, Router, Internet, Firewall, Intrusion Detection, Attacker]
The Actual Network
[Diagram: Router, Firewall, Users, Intrusion Detection, Internet, Web Server, PBX, Public Telephone Network, RAS (Dial-in Servers)]
Security in The Actual Network
[Diagram: PBX, Public Telephone Network, Router, Firewall, Users, Intrusion Detection, Internet, Web Server, RAS (Dial-in Servers), Attacker]
“2-4% of all telephone lines have active modems”
Unauthorized access to ISP’s
Virus protection mechanisms can be circumvented
Proprietary data can be uploaded by users
In ’97, Peter Shipley dialed the San Francisco Bay area looking for systems answered by a modem. He eventually finished the entire range but the final report hasn’t been published. Early results reported, however, included:
a network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
VPNs – IP security issue
[Diagram: TCP/IP Packet: IP Header, Other Headers, User Data]
Which of these is needed for routing across the Internet?
Most VPNs use tunneling to create a private network across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and transmitting it over a network. The protocol of the outer packet is understood by the network and both endpoints, called tunnel interfaces, where the packet enters and exits the network.
Firewalls, which can be used for NAT, can also perform VPN services: e.g. Cisco PIX
SCADA systems
Supervisory control and data acquisition (SCADA) is a system that allows an operator to monitor and control processes that are distributed among various remote sites. There are many processes that use SCADA systems: hydroelectric, water distribution and treatment utilities, natural gas, etc. SCADA systems allow remote sites to communicate with a control facility and provide the necessary data to control processes. For many of its uses, SCADA provides an economic advantage. As the distance to remote sites increases and they become more difficult to access, SCADA becomes a better alternative to an operator or repairman’s visiting the site for adjustments and inspections. Distance and remoteness are two major factors for implementing SCADA systems.
SCADA Elements
There are four major elements to a SCADA system: the operator, master terminal unit (MTU), communications, and remote terminal unit (RTU).
[Diagram: MTU with RTU 1, RTU 2, RTU 3, RTU 4]