Hello All,
It has become painfully clear that IDT.NET either does not care, or is
incapable of dealing with Matt Middleton's spam and forgeries that are
flowing from their news server. This has been going on for months now,
non stop!
Here is an example from January, 1999:
| Path: ...!news.idt.net!nntp.farm.idt.net!
                         ^^^^^^^^^^^^^^^^^ <== POSTED
| nntp.dejanews.com!supernews.com!not-for-mail
  ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^ <== FORGED
| From: cudworth <li...@dmiqzmq.net>
| Newsgroups: alt.sex.masturbation
| Subject: CD_4:\>Model_07\ - sslily04.jpg (1/)
| Date: Wed, 27 Jan 1999 03:50:52 GMT
| Organization: IDT (Best News In The World)
| Lines: 64
| Message-ID: <78m5m6$21t$44...@t8bqrov2s2.com>
| NNTP-Posting-Host: ip126.boston-xcom.ma.pub-ip.psi.net
Then in February, LOTSANEWS.COM and NEWSGUY.COM were added to the forgery
list:
| Path: ...!news.idt.net!nntp.farm.idt.net!
                         ^^^^^^^^^^^^^^^^^ <== POSTED
| extra.newsguy.com!lotsanews.com!
  ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^ <== FORGED
| nntp.dejanews.com!supernews.com!not-for-mail
  ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^ <== FORGED
| From: Sundharia Snowden <sund...@barnet.kharkov.ua>
| Newsgroups: alt.binaries.pictures.erotica.redheads
| Subject: Re: asfw STJ - hangmnc.jpg
| Date: Thu, 25 Feb 1999 00:03:19 GMT
| Organization: fzps74rugx
| Lines: 47
| Message-ID: <7b2407$c92$18...@dlsi.ua.es>
| NNTP-Posting-Host: ip247.abilene.tx.pub-ip.psi.net
Then in March, DIRECT.CA was added to the forgery list:
| Path: ...!news.idt.net!nntp.farm.idt.net!
                         ^^^^^^^^^^^^^^^^^ <== POSTED
| extra.newsguy.com!lotsanews.com!
  ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^ <== FORGED
| colby.direct.ca!newsfeed.direct.ca
  ^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^ <== FORGED
| From: Deonna <deo...@arlut.utexas.edu>
| Newsgroups: alt.sex.masturbation
| Subject: (New) - Yvonne Zima - "ER: YOU BET......" - yzey00x.jpg [1/]
| Date: Tue, 16 Mar 1999 18:36:00 GMT
| Organization: 7z7dj3g
| Lines: 74
| Message-ID: <7cm8ag$17e1$57...@caeth476.nortelnetworks.com>
| NNTP-Posting-Host: ip154.shreveport3.la.pub-ip.psi.net
| Mime-Version: 1.0
| Content-Type: multipart/mixed; boundary="----------=_921606795-21568-4"
SLURP.NET also appeared in the list in March:
| Path: ...!news.idt.net!nntp.farm.idt.net!
                         ^^^^^^^^^^^^^^^^^ <== POSTED
| extra.newsguy.com!lotsanews.com!
  ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^ <== FORGED
| colby.direct.ca!newsfeed.direct.ca!
  ^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^ <== FORGED
| newsfeed.slurp.net
  ^^^^^^^^^^^^^^^^^^ <== FORGED
| From: Shiv <ph...@hermes.spss.com.139.137.206.in-addr.arpa>
| Newsgroups: alt.sex.erotica.market.place
| Subject: nudeyrb.jpg Family Nudist movie Clips
| Date: Wed, 17 Mar 1999 02:26:45 GMT
| Organization: g265
| Lines: 83
| Message-ID: <7cn3t5$nsk$23...@a.bogus.address.com>
| NNTP-Posting-Host: ip85.salt-lake-city2.ut.pub-ip.psi.net
| Mime-Version: 1.0
| Content-Type: multipart/mixed; boundary="----------=_921629582-12732-2"
In the last part of March or first part of April, NORMAN.OK.US was added:
| Path: ...!news.idt.net!nntp.farm.idt.net!
                         ^^^^^^^^^^^^^^^^^ <== POSTED
| extra.newsguy.com!lotsanews.com!
  ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^ <== FORGED
| newsfeed.direct.ca!newsfeed.slurp.net!
  ^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^ <== FORGED
| wilbur.ohww.norman.ok.us
  ^^^^^^^^^^^^^^^^^^^^^^^^ <== FORGED
| From: Whittaker Bourgeois <bour...@p7.f10.n5025.z2.FIDOnet.ftn>
| Newsgroups: alt.sex.masturbation
| Subject: Lea Thompson Naked!
| Date: Sun, 04 Apr 1999 21:22:37 GMT
| Organization: a
| Lines: 81
| Message-ID: <7e8l6s$ik1$38...@news.spacelab.net>
| NNTP-Posting-Host: ip242.santa-ana7.ca.pub-ip.psi.net
| Mime-Version: 1.0
| Content-Type: multipart/mixed; boundary="----------=_923261421-5244-4"
Today (4/7/1999), CONNECTNET.COM and CERF.NET were added:
| Path: ...!news.idt.net!nntp.farm.idt.net!
                         ^^^^^^^^^^^^^^^^^ <== POSTED
| extra.newsguy.com!lotsanews.com!
  ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^ <== FORGED
| newsfeed.direct.ca!
  ^^^^^^^^^^^^^^^^^^ <== FORGED
| news.connectnet.com!nntp2.cerf.net!
  ^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^ <== FORGED
| newsfeed.slurp.net!wilbur.ohww.norman.ok.us
  ^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^ <== FORGED
| From: SHANEA MC KNIGHT <mc_k...@f507.n50.z2.ftn>
| Newsgroups: alt.sex.wanted.escorts.ads
| Subject: wx8h.jpg (1/)
| Date: Wed, 07 Apr 1999 23:43:32 GMT
| Organization: y7wj
| Lines: 66
| Message-ID: <7egqj4$19ka$42...@wpi.edu>
| NNTP-Posting-Host: ip51.eagle.ny.pub-ip.psi.net
| Mime-Version: 1.0
| Content-Type: multipart/mixed; boundary="----------=_923537556-22224-6"
Besides all of these "Path" line forgeries, dozens (if not hundreds) of
legitimate domain and host names are being forged in the "From" line
and "Message-ID" line.
This abuse has gone on for far too long. I think a serious UDP (Usenet
Death Penalty) and de-peering is in order for IDT.NET.
I would also like to point out that PSI.NET has also been negligent
in dealing with this spam/forgery. While the bulk of this spam is being
injected into IDT.NET's news server, there is a lot of it coming through
GLASSCITY.NET and FLASH.NET. I propose that we also nuke any post from
GLASSCITY.NET and FLASH.NET that originates from a PSI.NET dial-up.
Comments?
Howard
No one has a comment? No support? No objections?
I'll be happy to UDP IDT myself, but some discussion would be
appreciated. BTW, there were 909 of these spam/forgery turds that
were posted today. See:
http://dsrs.nntp.sol.net/reports/custom.19990904025943.html
Howard
>In article <EFYO2.185$Oi2....@news.connectnet.com> I wrote:
>
>: This abuse has gone on for far too long. I think a serious UDP (Usenet
>: Death Penalty) and de-peering is in order for IDT.NET.
>
>No one has a comment? No support? No objections?
I think most people probably have other things on their mind,
and we're waiting to see what happens with MSN, where a
de-peering petition is scheduled to go out tomorrow if we don't
hear from MSN. So have you heard anything from MSN?
As to this particular forgery, it looks real complicated to me.
This guy is using different From: lines and Path: forgeries.
If you did an active UDP, what would you focus on? Would
you be able to hit everything from IDT, or would you have
to be more selective?
I was also wondering if the Path: line forgees would be
interested in aliasing out IDT, and urging IDT's regular
upstreams to do the same. I think Path: line forgeries should
be taken as seriously as From: line forgeries.
I looked at Andrew's statistics for last week, and at your
other articles on this topic. It looks like Middleton is the
problem, not IDT as a whole. So I think we need to look
for a way to "get" Matt Middleton without doing too much
collateral damage to other IDT users. And a loud cry of
anguish from the sites which are being forged in the Path:
might be the best way of doing that.
How 'bout if we send a petition to the forgees asking them
to sign and present their own petition to IDT that IDT will
be aliased out if it doesn't get rid of Middleton? And maybe
slurp.net will volunteer to take the lead.
And what can we do to prevent Middleton from setting
up shop somewhere else?
No answers, just questions.....
Henrietta
>No one has a comment? No support? No objections?
Hey, silence == consent, right? ;-)
>I'll be happy to UDP IDT myself, but some discussion would be
>appreciated. BTW, there were 909 of these spam/forgery turds that
>were posted today.
Ah, this helps supply a little context: it wasn't clear that it was
all that big a deal. Especially for me: I don't subscribe to anything
in alt.sex.*, and the couple I had seen in the alt.binaries groups I
follow put them wa-a-a-y down my list.
But 900+ per day is a pretty substantial chunk. A couple of points I
think should be covered in evaluating a UDP, though:
1. Is Middleton the only spammer they're allowing to run free?
2. Have you tried to contact them by phone/fax/whatever? Or just
email?
If they're stonewalling, particularly with a header forger who's
probably causing complaints to be mis-directed, a UDP threat seems an
appropriate clue-by-four to grab their attention. Given the extent and
nature of the "crime", it would seem reasonable to make one of the
conditions that they patch their reader machines to either dump path
preloads, or use a pseudo-site to positively identify themselves (e.g.,
the "xxxx.yyy.POSTED" or "posted-from-nnnnn" that other victims of such
tactics are using already).
As for de-peering, I'd like to see some indication of whether it's
incompetence or malevolence at work. If the latter, especially given
the forgery of white-hat domains, I'd be inclined to argue for an
"unconditional" de-peering: forget about whether they put a stop to it
this time, and try to force them into position where they have to
negotiate new peering arrangements that might include some teeth.
I haven't got a clue about glasscity: this may be literally the first
I've even heard about them. flash.net, otoh, seemed to be remarkably
clueful and responsive a few months back, when they were repeatedly
being mugged by the AdultServ gang. Have things changed there?
Ran
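
[Added example, not part of any poster's message: a sketch of the Path analysis done by hand in this thread. It splits a Path header at the injection point, identified either by a known reader host or by a ".POSTED" pseudo-site of the form mentioned above, and lists the sites named in the preload. The function names and the relay.example / reader.example hosts are assumptions made for the example.]

```python
from collections import Counter

TAIL_TOKENS = {"not-for-mail"}  # conventional tail entry, not a site


def split_path(path, injection_hosts):
    """Split a Path value into (relayed, injector, preloaded).
    Relays prepend their own name, so the header reads newest to oldest.
    Entries to the right of the server that accepted the post came from
    the poster and are unverified.
    """
    entries = [e.strip() for e in path.split("!") if e.strip()]
    known = {h.lower() for h in injection_hosts}
    for i, entry in enumerate(entries):
        host = entry.lower()
        # Leftmost match wins: a copy further right may itself be preload.
        if host.endswith(".posted") or host in known:
            return entries[:i], entry, entries[i + 1:]
    return entries, None, []  # injection point unknown, nothing provable


def framed_sites(path, injection_hosts):
    """Sites named in the preload, blamed for traffic they never carried."""
    _, injector, preloaded = split_path(path, injection_hosts)
    if injector is None:
        return []
    return [e for e in preloaded if e.lower() not in TAIL_TOKENS]


def tally_framed(paths, injection_hosts):
    """Count how often each site shows up in preloads across articles."""
    counts = Counter()
    for p in paths:
        counts.update(framed_sites(p, injection_hosts))
    return counts


# Path values quoted in the thread; "relay.example" is a constructed
# stand-in for the upstream relays the post elides as "...".
JAN = ("relay.example!news.idt.net!nntp.farm.idt.net!"
       "nntp.dejanews.com!supernews.com!not-for-mail")
APR = ("relay.example!news.idt.net!nntp.farm.idt.net!extra.newsguy.com!"
       "lotsanews.com!newsfeed.direct.ca!news.connectnet.com!nntp2.cerf.net!"
       "newsfeed.slurp.net!wilbur.ohww.norman.ok.us")
# Constructed: a reader machine marking itself with a .POSTED pseudo-site.
MARKED = "relay.example!reader.example.POSTED!newsfeed.slurp.net!not-for-mail"

if __name__ == "__main__":
    print(tally_framed([JAN, APR, MARKED], {"nntp.farm.idt.net"}).most_common())
```
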
(I'm having some remodeling done and all my computers are under
dropcloths. I had to dig out my laptop for this. I'll be back to
full participation mode in a few days.)
The volume of this spam alone justifies a UDP. The fact that it is
ONE PERSON doing the spamming makes IDT's inaction even more
outrageous. But it's their total fucking SILENCE that breaks this
camel's back. Define "unresponsive." See: "IDT."
Middleton's spam isn't the most voluminous on Usenet (that distinction
belongs to "gentleman" Tom Saylor) but it IS the most insidious.
It's not just his browser-hijacking HTML, though in a right-thinking
world that would be a hanging offense.
It's not only his "from:" forgeries that cause endless grief to
innocent users and domain-owners as they get buried under piles of
complaints from spam-addled newsgroupies and love-notes from horny
webtv'ers, though I'm sure some of them would like five minutes in a
room alone with a pair of vice-grips and Matt's testicles.
It isn't even just the fact that his "path:" preloads wind up framing
innocent news-providers, placing the blame for his vandalism in other
people's spam-statistics and abuse-mailboxes, and seeming to make IDT
look crystal-clean.
It's WHY he forges those path entries. He does it to keep his spam
from being seen by the cancelbots. Every one of his preloads is
there to dodge a despammer. I'm the reason for at least two of them,
and that's what really bugs me. Slurp.net is getting the most heat
from this crap, and I feel responsible. I have no relation to Slurp
except that I read and post from their server. I do NOT run a bot
there. I do not scan it for spam. But Middleton doesn't know that,
so he sticks them into his path, and a white-hat admin is in danger of
losing his job. Because of ME!
I take this shit personally, and I want it to STOP! If IDT won't stop
it, I'll stop IDT -- COMPLETELY!
>This abuse has gone on for far too long. I think a serious UDP (Usenet
>Death Penalty) and de-peering is in order for IDT.NET.
Hear Hear. I second the motion. Nays?
I just spent some time assembling a dedicated Middleton-bot. It's
only three more minutes work to convert it to an IDT-UDP-bot.
UDP for IDT!
-- Rick
-----------
** I'm PISSED OFF! **
Thank you.
News Admin.
On Thu, 8 Apr 1999, Howard Knight wrote:
> [emailed to IDT.NET, PSI.NET, and posted to news.admin.net-abuse.usenet]
>
> Hello All,
>
> It has become painfully clear that IDT.NET either does not care, or is
> incapable of dealing with Matt Middleton's spam and forgeries that are
> flowing from their news server. This has been going on for months now,
> non stop!
>
>
> Howard
>
>
: So, here at IDT, we've just blocked all PSI dialups from posting to our
: news server until PSI finds out a way of disallowing this same network
: from getting more dialup access through their network.
Thank you for the response, and for your stop-gap solution to the
problem. Also, I have been corresponding with IDT via email and
they claim that they are implementing authentication on their news
server, and will be installing spam filtering software.
Howard
If he'd support and succeed in getting one for alt.net, I'd erect a statue
honoring him.
--
-Robert F. Golaszewski
("A man without religion is like a fish without a bicycle"- Vique's Law)
Visit http://third-plateau.lycaeum.org/cgi/anyboard/board/index.html
for the best general interest site on the Net about
DXM (dextromethorphan) used recreationally.