
View Full Version : Anyone want to help me launch a denial of service attack?
cperciva 01-05-2002, 09:50 PM <EDIT>It looks like this activity has stopped, please don't send any more packets at this person. I've also removed the IP address below in case anyone isn't reading carefully.</EDIT>
There's a ******** at **.**.***.** who is sending out virus-infected emails to thousands of people WITH MY RETURN ADDRESS ATTACHED. Consequently I'm getting bombarded with hundreds of automated "your virus has been detained" messages.
I've complained to abuse@rogers.com, but until they do something about this I don't think there's anything I can do except try to slow down the flood by filling that person's internet connection with junk packets. Although denial of service attacks are normally frowned upon, I think this qualifies as self-defense.
If anyone wants to help me with this, please send as many packets as possible to **.**.***.**.
For the curious, the email headers from one of the bounces are included here:
Return-Path: <cperciva@sfu.ca>
Received: from CR363344-A (CPE006067709E52.cpe.net.cable.rogers.com [24.43.207.77])
    by venus.sun.com (8.9.3+Sun/8.9.3) with SMTP id RAA01125
    for <0aharry.burks@sun.com>; Sat, 5 Jan 2002 17:40:49 -0800 (PST)
Date: Sat, 5 Jan 2002 17:40:49 -0800 (PST)
From: cperciva@sfu.ca
Message-Id: <200201060140.RAA01125@venus.sun.com>
Subject: Eclipse Corner Registration
MIME-Version: 1.0
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="====_ABC123456j7890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
NetXL 01-05-2002, 09:52 PM Isn't that illegal?
NetXL 01-05-2002, 09:56 PM Ah, I wish Windows had ping -f
Does it have a different parameter that does the same?
cperciva 01-05-2002, 09:58 PM Deliberately sending out virus-infected email is illegal. (I'm sure this is deliberate based on the rate alone). Forging someone else's email address in your email headers is illegal.
I'll take this up with the legal authorities later, but for now I just want it to stop.
No, I don't think there's any flood ping option... I just have several windows open running `ping -l 3000 -w 500 -t 24.43.207.77`.
thewitt 01-05-2002, 10:02 PM Just a note here.
You may lose your upstream provider, and that means your ability to connect your systems to the Internet. If you are a hosting company, this would be bad...
I know it's painful, but I'd contact the host, the NOC, the telco, before I did something like a DOS attack.
-t
cperciva 01-05-2002, 10:07 PM Well, I'm not a hosting company. And yes, the university might cut off my internet access for a short time, which would be painful, but I don't think anyone's really going to fault me for not wanting viruses sent around pretending to be from me.
Hmm... do you know who the criminals are? I will try to help.
creid 01-05-2002, 10:11 PM cperciva,
Where are you from? (Canada?)
Chris
cperciva 01-05-2002, 10:17 PM I'm from Canada, but currently in the UK (in Oxford).
NetWorldMap tells me that 24.43.207.77 is in Ottawa. Can anyone confirm/deny this?
SoftWareRevue 01-05-2002, 10:27 PM Originally posted by cperciva
I'm from Canada, but currently in the UK (in Oxford).
NetWorldMap tells me that 24.43.207.77 is in Ottawa. Can anyone confirm/deny this?
I get Toronto. But I just sent you that in a PM. ;)
cperciva 01-05-2002, 10:30 PM Originally posted by SoftWareRevue
I get Toronto. But I just sent you that in a PM. ;)
That's just where the network administrator (i.e. Rogers' abuse guy) is located. If you look up an IP anywhere on Rogers' network you'll get that answer.
I've already contacted the abuse people, what I want to know now is which police department I should call in. ;)
cperciva 01-05-2002, 10:48 PM Well, it's been ten minutes now without any bounced viruses... I wonder if he's stopped?
creid 01-05-2002, 10:50 PM Where in Canada are you from?
chris
cperciva 01-05-2002, 10:55 PM Originally posted by creid
Where in Canada are you from?
Lotus-land.
creid 01-05-2002, 10:59 PM Originally posted by cperciva
Lotus-land.
I'm guessing Alberta???? :D
Chris
JBIZ718 01-05-2002, 11:00 PM DOS
I do understand that virus emails are bad, but an easy solution is an email scanner.
DOS attacks are about the worst thing you can do, other than maybe DDOS attacks.
Sorry, but I think that's pretty sad in the sense that that's your way to fight back, which it isn't.
If you're willing to DOS someone, what's to say that you won't DOS people on here or others?
Joe
cperciva 01-05-2002, 11:07 PM Originally posted by JBIZ718
Sorry, but I think that's pretty sad in the sense that that's your way to fight back, which it isn't.
I wasn't "trying to fight back", nor was I concerned about receiving a copy of the virus myself (indeed, I got about 20 copies bounced back to me, which were automatically deleted).
What I was trying to do was slow down the sending of these emails in order to allow abuse@rogers.com time to shut it down completely.
If you're willing to DOS someone, what's to say that you won't DOS people on here or others?
I don't think many people here are likely to start sending out forged email claiming to be from me.
mkaufman 01-05-2002, 11:11 PM I'd hiiiiiiiiighly suggest you don't do this... but just in case you still want to - search for "ping flooders" on Google and get one of those... lots better than using Windows ping lol
cperciva 01-05-2002, 11:15 PM Well, it looks like he's stopped now, so there isn't any need for any more packets. I don't know if abuse@rogers stepped in or if he just finished with his list of addresses... I haven't heard anything from abuse@ yet.
If you're still sending packets to this person, PLEASE STOP NOW.
ADEhost 01-06-2002, 01:20 AM 1) The 24.xxx.xxx.xxx range is only for cable modem ISPs in North America, if I recall correctly.
2) The rules of self-defense do not apply on the internet. You cannot counterattack a DDoSer in the USA. There are regulations about this. These rules cover the USA and Canada. I don't know the rules in Great Britain.
mike
Originally posted by ADEhost
1) The 24.xxx.xxx.xxx range is only for cable modem ISPs in North America, if I recall correctly.
Sounds right, I'm using cable in the US and my IP's also 24.xxx...
Chicken 01-06-2002, 02:33 AM Probably better to go through the proper channels. Good luck.