Reporting Little Blue Men

Dean Anderson dean at
Wed Jan 21 00:03:42 UTC 1998

At 9:45 AM -0500 1/20/98, Eric Wieling wrote:

You should be able to figure out what interfaces they are coming in on.
That's the first step.

>Is there any point in trying to report these attacks?  Who would we
>report them to?  We don't know what the source is, after all the
>address is spoofed.  It seems kind of pointless to notify the victim
>-- they already know they have been smurfed.

You report them to the FBI. See "Firewalls and Internet Security" by
Cheswick and Bellovin, and "Unix System Security" by Curry.

Does that help?  Yes and no.  There are several laws being violated, but
the FBI basically isn't getting involved in the spam wars.  The first
violators were the anti-spammers who put in the blocking. The second
violators were the spammers who use relaying to get around that.
Anti-spammers are illegally intercepting (blocking) electronic
communications, and reading email, and the spammers are illegally exceeding
their authorization to access computers.  The anti-spammers are illegally
preventing access to computers and networks engaged in interstate commerce.
Anti-spammers illegally exceed their authority to cancel usenet messages.
Spammers try to post messages faster than they can be canceled.
Electronic packet wars with each side trying to out-send the other.

The FBI is aware of this.

I think the FBI is reticent to get involved since there is essentially an
electronic riot in progress, and they don't have the resources to arrest
all the involved parties.  Since no one is getting physically injured and
no money is being stolen, I think they are just waiting to see what
happens. Perhaps they think it will blow over. Or perhaps they just don't
think it important enough to get involved in. Perhaps it's just the largest
flame war in the history of the planet, and shouldn't be taken too
seriously. Evidence is hard to gather and prosecute.

I suppose that some on this list are ill-disposed to accept they are
breaking any laws. I doubt anyone wants to argue this on this list.  So I

But you should note that both authors also indicate that (from Cheswick and
Bellovin, page 205): "Computing and electronic communications service
providers are more limited in their right to monitor user activity. Just as
the phone company personnel may not, in general, listen to your calls,
employees of a public electronic mail service may not read your messages,
whether in transit or stored." There will be more detailed information in
our spam policy.

I'm working on a spam policy which may be viewed at It includes all the laws that are being
broken by all the parties.  It's still a draft, but the main points are

>I want to do my part to try to stop attacks, but I'm baffled on this

Here's what you can do:

Get people to stop illegally blocking spam, and then get the spammers to
stop illegally using relays.  Once the network and online providers obey
the law, you can ask the spammers to obey the law, too.  It's pretty
pointless to only ask one group to obey the law.  It's pretty unlikely the
FBI will step in to enforce the law on only one group while allowing the other
group to break the law.

At some point, perhaps we can take a list of violators to the FBI and ask
them to restore order and enforce the laws on spammer and anti-spammer


           Plain Aviation, Inc                  dean at
