Reporting Little Blue Men

Dean Anderson dean at
Wed Jan 21 18:49:45 UTC 1998

The key point that many missed is that because the FBI is overloaded with
complaints like this, legitimate DoS attacks go uninvestigated and

Normally, Eric (the original poster of the smurfing problem), would go to
the FBI for help in tracking down and prosecuting the perpetrator.

But some have noticed lately that they aren't getting much help in DoS
cases.  I'm just explaining why.

Further, I hope it should be clear that spam non-combatants have to get
involved to stop the chaos, and enforce federal laws on spammers and
anti-spammers, or suffer further lack of police response on real crimes.
We are the ones who are damaged, when real crimes against us aren't
prosecuted and real crimminals aren't punished.  Thats what spam has to do
with smurfing.

>> all the involved parties.  Since no one is getting physically injured and
>> no money is being stolen, I think they are just waiting to see what
>Who says no money is being stolen?
>Every time a UCE is delivered to my server, someone out there has stolen
>resources from me.  Resources *are* money.

They are resources you have sold to your customers. You can't snoop what
your customers do with the resources.  If you doubt this, read first my
spampolicy, then buy "Firewalls and Internet Security", and "Unix System
Security", read what they say, and then discuss the laws with your lawyer.

>Everytime a network is smurfed, network resources have been stolen.
>It's just like as if someone out there set up an auto-dialer to tie up
>a businesses fax machine, or busy up all their lines.

Intent is a key issue. If they are doing it to deny services, they are
breaking the law.  If you have a ton of users all trying to dial in, they
are not breaking the law; you sold them accounts.

People actually trying to sell products via email are not trying to deny
services.  They are not breaking the law, at least, not by existing.  But
the FBI is swamped with these sort of complaints.  They aren't buying them.
And they are overlooking legitimate complaints because of it.

>Relays aren't the only problem.  The problem is that SPAM is an
>acceptable form of advertising in the eyes of the US Government (and others).

Thats a political issue. Good luck, and have fun storming the castle.

But when you take the step from advocacy to actions you are violating the
law in almost every case.  You can advocate anything, but you can't go
tearing down buildings, or in this case, intercepting communications.

Even if anti-spam laws are passed, you won't be able to monitor packets or
users to detect violations of the law, any more than the phone company can
listen in on your calls to make sure you aren't placing illegal bets.


           Plain Aviation, Inc                  dean at

More information about the NANOG mailing list