Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Filter the messages please!

4 views
Skip to first unread message

Frog-Admin

unread,
Oct 22, 2001, 10:54:30 AM10/22/01
to
-----BEGIN PGP SIGNED MESSAGE-----

On 22 Oct 2001, Klingsor <klin...@sorcery.con> wrote:
>On Mon, 22 Oct 2001, Nomen Nescio <nob...@dizum.com> wrote:
>>It's time to filter out the floods and spam mail, rather than let them
>>create havoc with the remailer system.
>>
>>There is free speech and there is garbage.
>>Flooding and spam are garbage.
>>Discard it.
>>There has been a lot of flooding in the newsgroups as well.
>>If it is filtered out, it will discourage this type of behaviour.
>
>Who are you talking to?
>
>The only one who can filter posts is you, using your newsreader
>software.

Actually, there are two different issues:
-the entry point
-the emerging point

==========
Emerging point is nobody's business but the emerging remailer's business.
If he allows NG flooding and mail-bombing,
he will be the only one to take the heat from it.
(let us neglect that he gives some bad name to the remailer network)
[I have the means to filter the most gross abuse,
but it requires some human work and I don't make a religion of it,
and if I don't have time to adjust such filters, that is it.]
[And of course NG readers are responsible for their own filters]

==========
Entry points are a different story because a rogue remop can jeopardize another remailer's existence.

===
Let us imagine an attacker [ATT] with a bandwidth of 10.000 messages/day available to kill a |TARGET] remailer.
[ATT] wants to kill [TARGET] remailer, and he knows about [ROGUE] not giving a shit.
[ATT] uses [ROGUE] as an entry point with a chain like
[ROGUE][TARGET][Random][TARGET][Random][TARGET][Random][TARGET].....
Because you can have up to 20 remailers in a MIX chain,
and if we neglect losses due to unreliability and IDLOG expire:
-The remailer network will have a global strain of 200.000 messages/day
-The [TARGET] will be nailed with 100.000 messages/day
IOW it will be flooded to death
-(all that with an "investment" of 10.000 messages/day)
-[ROGUE] will hardly suffer more than 10.000 messages/day

===
Actually, the situation is even worse because there is no need for a [ROGUE] remailer who would turn a blind eye on a 10.000 messages/day injection.
[ATT] just needs a chain like:
[Random][TARGET][Random][TARGET][Random][TARGET][Random][TARGET].....
to get the same result as above
If there are 20 remailers eligible as random entry points,
none of them will see the attacker as injecting more than 500 messages/day

=======
Conclusion:
Each remailer must rely on all the others to prevent flooding attacks like the ones described above.
It is safe to have a litmus, on each remailer
-no more than a few hundred messages/day from a non-remailer-source-
to ensure everyones's security

===========
And YES I believe the 30.000 messages/day flood I sustained for the whole summer was the result of such attack:
it would only have taken 125 messages/day on each of 20 injection points
with 20-remailer-chains to account for the extra 25.000 messages/day I got

And YES there are other and more vicious attacks.

================================
That is why I want to OUT such attackers before they get expertise and put tyhey OFFLINE
BTW
about the latest flood:
~~~~~~~~~~~~~~~~~~~~
Return-path: <sugafa...@anonymous.to>
Received: from 808multimedia.com (64.132.88.21) by Frog's Mercury SMTP (Server) (Mercury/32 v3.30) ID MG009BCA;
18 Oct 01 01:39:56 +0200
Received: from o-52en0zv285ijw ([24.160.242.167]) by 808multimedia.com ( IA Mail Server Version: 3.2.1. Build: 1082 ) ) ; Wed, 17 Oct 2001 18:21:36 -0600
From: sugafa...@anonymous.to
Date: 17 Oct 2001 23:21:29 -0000
To: FrogRe...@frogadmin.yi.org
~~~~~~~~~~~~~~~~~~~~

- -I got an answer from the open relay 808multimedia.com
they said the account got cancelled
it is probably true because they stopped banging at my firewall
- -I got no answer from roadrunner (ab...@rr.com)
IOW the attacker [24.160.242.167] still has a cable-like bandwidth
(say 30.000 messages/day, 3 times what I used in my calculations
which is much more than enough to kill any remailer here)

That is why I will harass roadrunner
until they cancel that [24.160.242.167] account
with all means at hand,
and I suggest all remops do the same
That is a life and death issue for the network

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQEVAwUBO9QyRYDgT488d3zFAQEFaggAhoG9fsKSAzuEYfNwI1bB99p467pdj8NH
yrKeViWz5qasdV1LdRBwgf11isLQl/liA7GyetbTye4JdRqcf+PVVD0KJGpj9EWo
8Gg1ng7g02trQmGdO0GKWXA0dVtE3VyMvk5lEy/Dx6EfxbNqy4vGhqqGuLrDE76O
+FPnBOcV9UFOFj3L35c2dD4BuWutc3GGp1tJZmf0M9la6nPhjE6Ee5H7Nx5twWyr
G/ukPLzNBlgux0OSo1DeBYJQ27LFYt5/Ms6pkD5QoNGq8biBvlwdoDf/b9cNs9HP
q7iHd203vCHqjI8IsF7+LeHbWURBmR1fcMoooJCmSxsf1GZpcKKznQ==
=xbuQ
-----END PGP SIGNATURE-----


Thomas J. Boschloo

unread,
Oct 22, 2001, 4:42:41 PM10/22/01
to
Frog-Admin wrote:

You're not killing your own kind are you? Like FA killing anon.to. An
anonymous web interface probably means well. An e-mail to the domain
owner might be more constructive than killing each other. After all,
this might be deaths by friendly fire! Just guessing though, maybe I
just don't understand what is going on.

Regards,
Thomas
--
Alec Empire, Destroy 2000 years of culture: "They always try and get you
back to what they define as reality"


Frog-Admin

unread,
Oct 23, 2001, 5:19:29 AM10/23/01
to
-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 23 Oct 2001, Anonymous via the Cypherpunks Tonga Remailer <nor...@cypherpunks.to> wrote:

>I don't know what software the remops are running, but
>Reliable software has in the configuration
><retrieve/count exceeded>,
That is actually unusable:
it would block traffic from fellow remailers

>and <file/source/blocked>
that works but it is easily circumvented if the sender changes his "From":
it blocks only the dumbest flooders

I have to use other techniques, outside Reliable.

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQEVAwUBO9U104DgT488d3zFAQEeAAgAg8fpz0sn3lc9IzYdouIHqNWqQ/kXFlsq
Eno7D0ql3uH9VH0Bitgo3iwkHUjnHoTpLUbezm/r1DDE3952vIbtqpJ378m3CUiT
O0qqSnDg/SksSUXml7gVwXzc5S3AOb9yk3nFGJzockCP18CZBGLDsHFTUm9BVVCu
Jrk4R8Cmje63Np61bmYvGAiIktwDH0aChRP/SMuCfHcCqE94kCkpkaiCnPvCuysc
DrM0331sNM4thZql0bzAUNeZWO1yBLKk8TjZ1EzQJS+pRHWGlhYiPQNwkotCjqFr
FFCGq/T9RNaLk6sSF4ZjTBLNUf1x2gPV9EuHPyfvAr9ZFkRP0N6xFg==
=ze4v
-----END PGP SIGNATURE-----


disa...@saiknes.lv.no.spam.net

unread,
Oct 23, 2001, 5:51:49 AM10/23/01
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Frog-Admin wrote:
> >I don't know what software the remops are running, but
> >Reliable software has in the configuration
> ><retrieve/count exceeded>,
> That is actually unusable:
> it would block traffic from fellow remailers

whitelisting can help here (but there also is the problems)

or even better changed protocol:
remailers signs the messages,
accptets only signed messages,
and limited number of unsigned messages from the same ip.
__
Disastry http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^--GPG for Win32 (supports loadable modules and IDEA)
^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
http://disastry.dhs.org/remailer <----Dismix remailer stats
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1

iQA/AwUBO9UhjzBaTVEuJQxkEQMfHgCg2SA7+jGasLmDiR8gj4enC0AUaUEAoKvP
QsrmqhwZwIVMu1gpvFUXrucx
=wRx0
-----END PGP SIGNATURE-----

Thomas J. Boschloo

unread,
Oct 23, 2001, 6:08:01 AM10/23/01
to
"Thomas J. Boschloo" wrote:

> You're not killing your own kind are you? Like FA killing anon.to. An
> anonymous web interface probably means well. An e-mail to the domain
> owner might be more constructive than killing each other. After all,
> this might be deaths by friendly fire! Just guessing though, maybe I
> just don't understand what is going on.

I have been to anonymous.to and they actually REQUIRE you to give them
your e-mail address. And they offer to send you LOTS of spam. I would be
glad if these suckers are somehow shut down. They do no service to the
remailer community. Only to themselves.

Frog2

unread,
Oct 23, 2001, 8:01:44 AM10/23/01
to
On Mon, 22 Oct 2001, "Thomas J. Boschloo" <bosc...@multiweb.nl> wrote:

[SNIP] More Boschloo nonsense

WHAT A BOSCHLOO!!!

Thomas J. Boschloo

unread,
Oct 24, 2001, 9:44:06 AM10/24/01
to
-----BEGIN PGP SIGNED MESSAGE-----

disa...@saiknes.lv.NO.SPaM.NET wrote:

> Frog-Admin wrote:
> > >I don't know what software the remops are running, but
> > >Reliable software has in the configuration
> > ><retrieve/count exceeded>,
> > That is actually unusable:
> > it would block traffic from fellow remailers
>
> whitelisting can help here (but there also is the problems)
>
> or even better changed protocol:
> remailers signs the messages,
> accptets only signed messages,
> and limited number of unsigned messages from the same ip.

Still, this wouldn't help against messages injected at another remailer
(as explained in the 'Frog-Admin' attack). /ALL/ remailers must use
intelligent trottling and other methods of traffic control in order for
any protocol to work. The only alternative is lost traffic, and FA hates
this more than anything (I believe he has kill-filed me BTW).

Regards,
Thomas

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: My homepage <http://home.tiscali.nl/~mwdabe90>

iQB5AwUBO9a3lAEP2l8iXKAJAQFjygMbBKHGdqEgvG09OSGXaAz9zsunwsTa6146
P9MArCNQGF9jlk1bQ0t/5AqK+Cd000inaXFleLc++i7QF25M8TWbvB2/FGAJVHB3
CecbYqpRcjY49G8ax9Z81TuIKf2IVHwcXU1Mbw==
=Rv6s
-----END PGP SIGNATURE-----

Anonymous

unread,
Oct 30, 2001, 9:46:01 AM10/30/01
to
On Wed, 24 Oct 2001, "Thomas J. Boschloo" <bosc...@multiweb.nl> wrote:

>Still, this wouldn't help against messages injected at another remailer
>(as explained in the 'Frog-Admin' attack). /ALL/ remailers must use
>intelligent trottling and other methods of traffic control in order for
>any protocol to work. The only alternative is lost traffic, and FA hates
>this more than anything (I believe he has kill-filed me BTW).
>
>Regards,

Look at the Boschloo sucker in MAJOR ASS-LICKING MODE !

"Frog, fuck my ass, I brought the vaseline, slap me, whip me, but ANSWER.
Show the miscreants I am worth your time & attention.
Give the world evidence that I am not in your killfile.
I will drink your piss, I will eat your shit, I will swallow your spunk, I will lick your footprint, but ANSWER.
Lord, just say one word and you will save me from oblivion"

Anonymous

unread,
Oct 30, 2001, 9:48:01 AM10/30/01
to
On Wed, 24 Oct 2001, "Thomas J. Boschloo" <bosc...@multiweb.nl> wrote:

>Still, this wouldn't help against messages injected at another remailer
>(as explained in the 'Frog-Admin' attack). /ALL/ remailers must use
>intelligent trottling and other methods of traffic control in order for
>any protocol to work. The only alternative is lost traffic, and FA hates
>this more than anything (I believe he has kill-filed me BTW).
>
>Regards,
>Thomas

Look at the Boschloo sucker in MAJOR ASS-LICKING MODE !

"Mighty Frog-Admin, fuck my ass, I brought the vaseline, slap me, whip me, but ANSWER.

Frog-Admin

unread,
Oct 30, 2001, 10:21:16 AM10/30/01
to
-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 30 Oct 2001, Anonymous <nob...@remailer.privacy.at> wrote:
>On Wed, 24 Oct 2001, "Thomas J. Boschloo" <bosc...@multiweb.nl> wrote:
>
>>Still, this wouldn't help against messages injected at another remailer
>>(as explained in the 'Frog-Admin' attack). /ALL/ remailers must use
>>intelligent trottling and other methods of traffic control in order for
>>any protocol to work. The only alternative is lost traffic, and FA hates
>>this more than anything (I believe he has kill-filed me BTW).
>>
>>Regards,
>>Thomas
>
>Look at the Boschloo sucker in MAJOR ASS-LICKING MODE !
>
>"Mighty Frog-Admin, fuck my ass, I brought the vaseline,

SANS vaseline: j'encule a sec.
'Qu'un sang impur abreuve ton sillon'


-----BEGIN PGP SIGNATURE-----
Version: N/A

iQEVAwUBO92OzoDgT488d3zFAQEe5Af/cdEQ6ccw0BcXy9HrUPW3cmohn+zxqnX4
KVXzAZdMFw/AmLQeldPEg6YrSjGKF2qNX1fxzcQsHnXsKChouoTWrGbfd7POLuti
mY2KMO2cXgq4dxluv5qz0Pz/hh3v1S8drCDES/guKNCLpDNUXEVzyHSguhdxsLYG
xQTu/l9OwUsg1aSyuIxdnfq2TROJLiitv0x+pEW54SbnNxmJdEtAef+JScucfpGf
OssyYtomcM9O8euKloUHulG87VLFMYtoQcOdSc1EH4ZepzxJQnT91OUGeXsYkXG4
/gs01D6TjjRGxJJm8p2vOVPyMx8kFi5upp7wOHouJoN1UeiaUmwHmA==
=WK+H
-----END PGP SIGNATURE-----

Frog-Admin

unread,
Oct 30, 2001, 10:30:09 AM10/30/01
to
-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 30 Oct 2001, Anonymous <nob...@remailer.privacy.at> wrote:

>On Wed, 24 Oct 2001, "Thomas J. Boschloo" <bosc...@multiweb.nl> wrote:
>
>>Still, this wouldn't help against messages injected at another remailer
>>(as explained in the 'Frog-Admin' attack). /ALL/ remailers must use
>>intelligent trottling and other methods of traffic control in order for
>>any protocol to work. The only alternative is lost traffic, and FA hates
>>this more than anything (I believe he has kill-filed me BTW).
>>
>>Regards,
>>Thomas
>
>Look at the Boschloo sucker in MAJOR ASS-LICKING MODE !
>
>"Mighty Frog-Admin, fuck my ass, I brought the vaseline,

SANS vaseline: comme tous les Francais, j'encule a sec.

Thomas J. Boschloo

unread,
Oct 30, 2001, 11:01:28 AM10/30/01
to
Frog-Admin wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----

> >Look at the Boschloo sucker in MAJOR ASS-LICKING MODE !
> >
> >"Mighty Frog-Admin, fuck my ass, I brought the vaseline,
>
> SANS vaseline: j'encule a sec.
> 'Qu'un sang impur abreuve ton sillon'
>
> -----BEGIN PGP SIGNATURE-----
> Version: N/A

> -----END PGP SIGNATURE-----

This signature doesn't seem to verify. I wonder why? Could it be that an
imposter posted this? Oh no, what a kind of a moron would impersonate FA
and put such rude words in his mouth!

Still, I am glad that my _Former_ newsserver has decided to procreate my
posts after all. And within the timespan of a whole week! Amazing! This
tiscali guys keep getting better and better </major sarcasm intended>.

Hi2All,
Thomas


Incognito Innominatus

unread,
Oct 30, 2001, 3:15:04 PM10/30/01
to
On Tue, 30 Oct 2001, "Thomas J. Boschloo" <nos...@hccnet.nl.invalid> wrote:
>Frog-Admin wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>
>> >Look at the Boschloo sucker in MAJOR ASS-LICKING MODE !
>> >
>> >"Mighty Frog-Admin, fuck my ass, I brought the vaseline,
>>
>> SANS vaseline: j'encule a sec.
>> 'Qu'un sang impur abreuve ton sillon'
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: N/A
>> -----END PGP SIGNATURE-----
>
>This signature doesn't seem to verify.

How sad you are now, sissy Boschloo.

But you got all wet while you imagined that mighty Frog-Admin had listened to your plea and had dropped an eye on you and your antics.
Even if it were to be rude and harsh.

Don't cry, maybe somebody will wipe your tears.
And I am still there to kick your ass.
Along with the "Boschloo FAQ" and a couple of bots.


Thomas J. Boschloo

unread,
Oct 31, 2001, 2:31:45 AM10/31/01
to
-----BEGIN PGP SIGNED MESSAGE-----

Incognito Innominatus wrote:
>
> On Tue, 30 Oct 2001, "Thomas J. Boschloo" <nos...@hccnet.nl.invalid> wrote:

> >This signature doesn't seem to verify.
>
> How sad you are now, sissy Boschloo.
>
> But you got all wet while you imagined that mighty Frog-Admin had listened to your plea and had dropped an eye on you and your antics.
> Even if it were to be rude and harsh.

Yeah, I always wanted to make up with FA. If you have his phone number,
don't feel too shy to post it to me in an encrypted and signed envelope.

> Don't cry, maybe somebody will wipe your tears.
> And I am still there to kick your ass.
> Along with the "Boschloo FAQ" and a couple of bots.

Cool, I'll stick along. Maybe you can even learn me something in the
progress.

Regards,
Thomas
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: My homepage <http://home.tiscali.nl/~mwdabe90>

iQB5AwUBO9+azgEP2l8iXKAJAQHnJAMgpJ83g+3KayOAzCt7BrHxlGo2Z86ExhKJ
OYphs74qicX4ENxCL0Rzs8FY7Fk/HgOuAD7SJIzIiPD6Dt3f6GtvUP6GYnWa2k3X
nETnIOr5qD4mYTTLVTDx+ueXECKUSaqzhlb9cw==
=0T0S
-----END PGP SIGNATURE-----

0 new messages