Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

BlackFrog to Take up BlueFrog's Flag

Zonk posted more than 8 years ago | from the internet-routes-around-stupidity dept.

178

Runefox writes "ZDNet UK has a story about a new SPAM defense mechanism called BlackFrog, a response to the demise of Blue Security's BlueFrog. According to the article, the new service is based on a P2P network of clients, called the 'Frognet', which allows the opt-out service to continue functioning even after a server has gone down, making a DDoS attack like that which crippled BlueFrog ineffective against the new service."

cancel ×

178 comments

Sorry! There are no comments related to the filter you selected.

Link (4, Informative)

Anonymous Coward | more than 8 years ago | (#15409348)

Re:Link (1)

Instine (963303) | more than 8 years ago | (#15409888)

On visiting the homepage. Just how much spam do you think nathan@okopipi.org gets? Or is this bait?

eitherway I see some BIG problems coming their way, not least, secure distribution of the software. Looks like they've announced this way to soon. Fingers crossed they manage to get a release out and distributed to the masses before their site falls to the enemy

Poisonous frogs? (4, Insightful)

RingDev (879105) | more than 8 years ago | (#15409350)

How long until some hacker poisons the peer system into spamming a legitimate site?

-Rick

Re:Poisonous frogs? (2, Insightful)

Paran (28208) | more than 8 years ago | (#15409424)

FTA:
Participants will send reports of spam emails to Okopipi, which will use "handlers", including dedicated servers, to analyse it. To avoid suffering the same fate as Blue Security, Okopipi's staff will not disclose information about its servers.

Sounds like the same idea as Blue Security, only they're hiding. Probably will result in the same outcome. Massive DDoS on their "hidden" servers.

Re:Poisonous frogs? (3, Funny)

iminplaya (723125) | more than 8 years ago | (#15409465)

...Okopipi's staff will not disclose information about its servers.

Aahhh...the old security throught obscurity trick, eh? Should work as well as the cone of silence.

Re:Poisonous frogs? (3, Informative)

lhorn (528432) | more than 8 years ago | (#15409492)

That's the whole point of an analysis before sending opt-out messages from all members. I am not familiar with Black Frog intended function, but if a certain percentage of their members gets similar messages it's a fair bet it is spam. A FrogHerder must look at the message to ensure it is sufficently spammy, before action - this may even be legal somewhere in the world.

Never trust the users (2, Insightful)

Jac_no_k (5957) | more than 8 years ago | (#15409768)

You can't trust the "members". Say that a savvy black hat creates many "tainted-members". What happens if the "tainted-members" all report that a legitimate site is spamming?

I think one method for this to work is for each suggested target be evaluated by each member. The member has to agree that this is a valid target before his account participates in the attack.

Re:Never trust the users (3, Insightful)

sk8king (573108) | more than 8 years ago | (#15409928)

>I think one method for this to work is for each suggested target be evaluated by each member. The >member has to agree that this is a valid target before his account participates in the attack.

With a certain threshold of participants required before the attack even takes place. If there are 100 members, perhaps 20 would need to agree on the item in question being spam. 15 wouldn't be enough to initiate a retaliatory opt-out.

I wonder how much of the "background" noise on the internet is this sort of crap floating around....DNS requests for viruses, port scanning for viruses, traffic in the form of spam, spam responses, systems to deal with spam....probably more than anyone realizes.

Re:Never trust the users (1, Informative)

Anonymous Coward | more than 8 years ago | (#15410216)

> I think one method for this to work is for each suggested target be evaluated by each member. The member has to agree that this is a valid target before his account participates in the attack.

Sounds ... unwieldy.

Anyway, Blue Frog maintained a number of spamtraps on its "do not spam" list as well as normal users. If there was any question about a mail's legitimacy, it could usually be resolved by determining how many spamtraps it also hit. I don't think the "do not spam" list was really the best idea (it's what dragged bluefrog users into the escalation), but it really is an integral part of the model, to give fair warning to anyone who actually might just be mistaken, or at least to tell the targets of their complaint storm, "you had the ability to prevent this".

Blue Frog was never about DDOS'ing spammers bandwidth, only their ordering infrastructure with real opt-out mechanisms. It's naive to think spammers consider it anything more than a technical speedbump, but advertisers linked with spammers are also contacted, and they may actually take notice at the negative publicity.

Re:Poisonous frogs? (0)

mapkinase (958129) | more than 8 years ago | (#15410391)

You did not get it.

Spammer changes "gett v1agar naw" to "visit momandpopshop at omgponies.com" in their spamail message and hits the same "Spam" button.

momandpopshop ponies got "we hate ponies", feel somewhat offended and report to authorities, "color-of-the-day" frog get busted and a corollary to the Murphy's Law says that it will be busted before any spammer.

ways to avoid poison (1)

Jac_no_k (5957) | more than 8 years ago | (#15409814)

I think one method for this to work is for each suggested target be evaluated by each member. The member has to agree that this is a valid target before his account participates in the attack.

So I guess the question is how is this any different from individual users crafting their own attacks? For me the nice thing about Blue Frog was they crafted a script for me that will be used to attack. I'm sure this new project will do something similar.

And I could even see a karma system for the members. Members that suggest valid targets gets modded up.

Really? (0, Redundant)

bsdluvr (932942) | more than 8 years ago | (#15409354)

I bet this was totally unexpected here ;-)

Social internet? (0)

Anonymous Coward | more than 8 years ago | (#15409357)

"Social" internet might not sound that great, but at least it has some great advantages like this (I dont consider file sharing an advantage, but fighting against SPAM is).

Slashdot sucks..... (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15409358)

Try Digg [digg.com] instead

seems insecure (3, Insightful)

robinesque (977170) | more than 8 years ago | (#15409360)

Sounds sort of insecure for a project like this to be openly editable to the public via a wiki and p2p network.

Re:seems insecure (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#15409509)

No. no, no... haven't you heard? There is no scenario in the universe where open source is anything but the best possible choice.

good idea (2, Insightful)

Amouth (879122) | more than 8 years ago | (#15409361)

just too bad that someone couldn't get this into the BlueFrog stuff before it died.. atleast then they would have a large userbase.. but if the Blue peps are the ones that look at the e-mails to make sure someone isn't being evil and submitting normal HAM - how is that going to work without master to authorize the clients???

Re:good idea (1)

JayClements (247589) | more than 8 years ago | (#15410525)

I didn't get ANY spam while BlueFrog was being ddosed.

Once you go black, you never go back. (5, Informative)

DigDuality (918867) | more than 8 years ago | (#15409370)

Just as a correction folks, it's not called "Black Frog" this is a mix up. There was two projects. Black Frog and Okopipi aiming for the same goal. Black Frog stopped and the people joined Okopipi.

Re:Once you go black, you never go back. (1, Funny)

Anonymous Coward | more than 8 years ago | (#15409654)

I suppose the phrase "Once you go Okopipi, you never go back" just doesn't have the same ring to it, does it?

Re:Once you go black, you never go back. (3, Funny)

Thwomp (773873) | more than 8 years ago | (#15409683)

No doubt it's a name inspired from the Nintendo school of marketing.

Re:Once you go black, you never go back. (1)

Linker3000 (626634) | more than 8 years ago | (#15410092)

You kinda beat me to to it - I was wondering whether Okpipi runs on Wii to help piss all over the spammers?

Re:Once you go black, you never go back. (1)

gbjbaanb (229885) | more than 8 years ago | (#15410101)

I'd say the BlackFrog name is much more appropriate to keep the tradition (and advertising brand name) the BlueFrog guys started.

besides, surely BlackFrog is much easier to make icons for... assuming the BlueFrog resources are OSS too. Got knows what an okopipi is anyway.

Re:Once you go black, you never go back. (5, Informative)

DigDuality (918867) | more than 8 years ago | (#15410293)

an Okopipi is a poisonous blue frog.

source from bluefrog? (1)

Janek Kozicki (722688) | more than 8 years ago | (#15409416)

I hope that people from bluefrog will release source of their utility. This new initiative could surely benefit from their sourcecode.

Re:source from bluefrog? (4, Informative)

DigDuality (918867) | more than 8 years ago | (#15409439)

BlueFrog was open sourced and under the mozilla license, and yes they have the source code.

Spamming the spammers? (3, Funny)

ScouseMouse (690083) | more than 8 years ago | (#15409436)

Hmm, wont it be amusing for user's PCs to be spamming as part of an hidden botnet and running this at the same time. Hope their not on dialup.

Re:Spamming the spammers? (3, Informative)

forghy (749877) | more than 8 years ago | (#15409564)

The goal is to spam the spammer *sponsors*, not the spammers themselves. This is the exact reason why the blue frog was so successfull.
Once you receive a mail advertizing pills or wrist ornaments , the Blue/Black frog client sends an opt-out message to the advertized mailbox.
Let say this online shop sends a million spam messages by means of a spammer, he (the shop owner) receveives 1 million opt-out messages back !


Days are counted for the spammers ! MUahAhahAHhaHAh

Re:Spamming the spammers? (1)

ScouseMouse (690083) | more than 8 years ago | (#15409687)

Ah this makes more sense now.

Must go away and read the original bluefrog article again.

Actually i wouldnt count on the days of spammers being numbered.
The sneaky little bugg@rs have been getting round new antu-spam systems for years, and the more unscrupulous will start doing things like providing opt out locations that look different when you view then. (IE, providing two links, a link thats invisible for the anti spam engine to chew on, and one that isnt that may be obfuscated in some way)

Unfortunately just like pond scum, once its got a presence, its practically impossible to get rid of it without major work.

SpamCannibal (1, Informative)

Anonymous Coward | more than 8 years ago | (#15409456)

I think one of the most genial spamtools is SpamCannibal
http://www.spamcannibal.org/cannibal.cgi [spamcannibal.org]

OMG vigilantes (4, Insightful)

giorgiofr (887762) | more than 8 years ago | (#15409462)

I can imagine the slew of whiners who will complain about such a vigilante approach to this problem.
Well, remember Firefox, "We're taking back the web"? That's exactly what we're doing here. It's the only strategy that's going to work. Bitching and moaning won't get you a clean mailbox. Taking spammers down will.
If you disagree with fighting fire with fire, I suggest you also criticize any and all law enforcement activities. They're simply state-sponsored vigilantes.

Re:OMG vigilantes (5, Funny)

joe 155 (937621) | more than 8 years ago | (#15409487)

couldn't we just send the spammers a sony music cd? That rootkit would take out their computers at the source instead of just spamming them

Re:OMG vigilantes (2, Funny)

op12 (830015) | more than 8 years ago | (#15409725)

If it's a recent Sony music CD, you're going to have a hard time convincing them to put it in their computers as they'll likely be thinking, "Why do I want to listen to this garbage?"

Re:OMG vigilantes (2, Funny)

whyrat (936411) | more than 8 years ago | (#15410001)

I think we should solve this with a two tier internet!

One "slow" tier would be for all the people who actually reply to spam (thus giving the spammers money) or get their computers infected with bots and fail to clean them.

The other "fast" tier would be for poeple who know better than to click on everything in their email box and instead delete the spam / trojans.

Re:OMG vigilantes (1)

capt.Hij (318203) | more than 8 years ago | (#15409567)

Just remember this post when your local subnet gets knocked out when this new thing and some titan of a spammer start slamming each other and happen to be near you. I believe there is an old African proverb [thinkexist.com] about what happens when two elephants fight that is appropriate here.

Re:OMG vigilantes (2, Insightful)

giorgiofr (887762) | more than 8 years ago | (#15409615)

So, uhm, we should keep quiet and hope no one notices us? Maybe squeek a bit?

Re:OMG vigilantes (0)

Anonymous Coward | more than 8 years ago | (#15409653)

I prefer "Those who want to live, let them fight, and those who do not want to fight in this world of eternal struggle do not deserve to live.".

"They're simply state-sponsored vigilantes" (0)

Anonymous Coward | more than 8 years ago | (#15409704)

Wow, a real live anarchist.

Re:OMG vigilantes (1)

Mant (578427) | more than 8 years ago | (#15409822)

Well, remember Firefox, "We're taking back the web"? That's exactly what we're doing here.

I like Firefox and all, but I really don't see the connection between having a choice over your web browser and launching DoS attacks on possible spammers.

If you disagree with fighting fire with fire, I suggest you also criticize any and all law enforcement activities. They're simply state-sponsored vigilantes.

Once they are state sponsored, they rather stop being vigilantes. They also (hopefully) are held accountable, have their actions limited and open to scrutiny and oversight.

Even by Slashdot standards that is a terrible straw man.

Myopic-kneejerk-retribution-a-go-go (2, Insightful)

ear1grey (697747) | more than 8 years ago | (#15409892)

I have no mod points, so I must respond...

I'd like to hope Okopipi could make a positive difference, but it cannot, because it is open to exploitation by the very people it's trying to stop.

Okopipi's greatest asset: people who are desparate to stop spam; is also it's greatest weakness, because their frustration sometimes leads them to take ill considered actions without first understanding the facts. Choosing to publish the statement below is a fairly pertinent example:

If you disagree with fighting fire with fire, I suggest you also criticize any and all law enforcement activities. They're simply state-sponsored vigilantes.

It's difficult to see any way this statement could be more wrong.

When a state sponsored law enforcement official does their work they are enacting the will of a democratically elected governement. It is a careful and methodical process designed to protect the innocent.

Their job works like this:

  1. A law is defined (there are many ways for this to happen).
  2. A transgression of that law is identified.
  3. Evidence is gathered.
  4. The transgressor is prosecuted and can defend their actions.
  5. If the transgression is proven a sentence is handed down.

The problem with Okopipi is that it amounts to an unelected and unrepresentative group that is appointing itself as police force, judge, jury and executioner.

The result is that members of the Okopipi network and innocent bystanders with websites will become the target of the organised crime that is funding the spammers.

At which point your friendly "state sponsored vigilante" is only a phone call away.

Re:Myopic-kneejerk-retribution-a-go-go (0, Flamebait)

linvir (970218) | more than 8 years ago | (#15410160)

I have no mod points, so I must respond...
Awww, poor you. No mod points to mod down a point of view you disagree with. Perhaps you could do us all a favour and go uncheck the 'I am willing to help moderate' in your preferences.

OT: Myopic-kneejerk-retribution-a-go-go (1)

Spaceman40 (565797) | more than 8 years ago | (#15410212)

When a state sponsored law enforcement official does their work they are enacting the will of a democratically elected governement. It is a careful and methodical process designed to protect the innocent.

Perhaps the GP was from the US, where that doesn't hold true anymore...

Re:Myopic-kneejerk-retribution-a-go-go (1)

prattle (898688) | more than 8 years ago | (#15410647)

The problem with Okopipi is that it amounts to an unelected and unrepresentative group that is appointing itself as police force, judge, jury and executioner.

Nonsense. All Okopipi will do is automate the opt-out/unsubscribe requests.

http://wiki.okopipi.org/wiki/Frequently_Asked_Ques tions [okopipi.org]

Re:OMG vigilantes (1)

da cog (531643) | more than 8 years ago | (#15409910)

> If you disagree with fighting fire with fire, I suggest you also criticize any and all law enforcement activities. They're simply state-
> sponsored vigilantes.

Actually, in any reasonable democracy law enforcement is more like "state-sponsered vigilantes, with an independent court system designed to prevent them from accidently screwing over the innocent in their zealous quest for justice."

well, speaking from experience (-1, Offtopic)

rucs_hack (784150) | more than 8 years ago | (#15409510)

I've been using ODF for spreadsheets and a novel for some time now. The novel has over 400 pages, and I haven't noticed any difference since I switched from the word doc format to ODF, well, other then really liking ODF as a format to work with.

Well, except that I no longer have to worry about only being able to edit my document safely in one editor, on one platform, that's a pretty big issue for me, huge even.

There's no way I'll ever use a microsoft editor again, just because I know they'll never willingly support other formats for the good of the consumer. Ok they *may* add support for ODF, but they wouldn't have if Mass' hadn't pushed them into a corner. That attitude is worrying, it speaks volumes about their trustworthyness. I wouldn't put it past them to somehow add an extension which meant my previously cross platform document 'accidentally' wasn't quite so cross platform/editor any more.

Re:well, speaking from experience (1)

hjf (703092) | more than 8 years ago | (#15409526)

dude, that was so lame... you tried to make a fp and clicked on the wrong article. LOL!

Re:well, speaking from experience (0)

Anonymous Coward | more than 8 years ago | (#15409535)

But are you writing spam? Or just lost [slashdot.org] ?

Blue Security's reason for shutting down (3, Informative)

Paran (28208) | more than 8 years ago | (#15409511)

I thought the reason Blue Security closed shop was because the spammers had diff'd their user database, identified quite a large amount of the participants, and then threatened virus attacks directed at them. Not because of the DDoS.

Blue Security Gives up the Fight [slashdot.org]
The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.
...
"It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."


I'm guessing the only real difference is that users will know this time around.

Re:Blue Security's reason for shutting down (3, Insightful)

mikael_j (106439) | more than 8 years ago | (#15409540)

You're getting things mixed up, I think most users were quite willing to get involved in the cyber-war, the problem was that the company didn't have the resources to fight it.

I'll probably sign up for this blackfrog thing once I've checked it out. In fact, I'd probably consider giving money to someone collecting money to pay someone else to beat the shit out of the world's top spammers. I'm serious, they're scum..

/Mikael

Re:Blue Security's reason for shutting down (1)

Have Blue (616) | more than 8 years ago | (#15410487)

It's not that the company didn't have the resources to fight it (although it's true that they didn't), it's that it was causing so much collateral damage. Once the spammer had taken down the primary BlueSecurity site, he took down the third-party site hosting the blog on which BlueSecurity's response to the first takedown was posted, and showed every sign of being ready to take down any other site that overtly supported BlueSecurity. Faced with the choice of shutting down or being indirectly responsible for a DDoS epidemic of unpredictable but probably massive proportions, they shut down.

Automatically clicks Unsubscribe links in Spam? (3, Insightful)

Robmonster (158873) | more than 8 years ago | (#15409524)

From their wiki:-

Okopipi will automatically click the "opt-out" or "unsubscribe" links contained within the emails and/or report the spam to the appropriate authorities.

I thought that it was generally a bad idea to click unsub or opt-out links in Spam messages since it only server to prove they have a valid email address and the receipient actually reads Spam messages.

Re:Automatically clicks Unsubscribe links in Spam? (0)

Anonymous Coward | more than 8 years ago | (#15409539)

Your right, but if everyone does it then they will be flooded :)

Re:Automatically clicks Unsubscribe links in Spam? (1)

mengel (13619) | more than 8 years ago | (#15409662)

Well, if you are trying to find spammers, and get more excuses to slam their websites, etc. then you want to click the unsubscribe links. The more spam they send you, the more they get slammed in response. Also, if this Black Frog stuff keeps track of this stuff, as part of the system, you then collect evidence of them sending you stuff even after you unsubscribed, which could be used to prosecute them in court as well as pounding their servers into the ground.

So it makes sense for a system like this to do it, because it wants to get the spammers to send it stuff, so it can punish the people who hired the spammers.

Re:Automatically clicks Unsubscribe links in Spam? (2, Informative)

dnixon112 (663069) | more than 8 years ago | (#15409930)

A legitimate concern, but with the Blue Frog system at least, the way this was handled was that the system did not identify which email address was clicking the links. All the "clicking" was done by the Blue Security servers, it just added up to one opt-out/unsubscribe click per spam message sent.

Re:Automatically clicks Unsubscribe links in Spam? (2, Insightful)

drinkypoo (153816) | more than 8 years ago | (#15410313)

If the links are put together by someone who is not a total fucking moron, the link either has the email address encoded within it, or it is a unique token that links to a specific email address. Either way, following the opt-out link will indeed confirm that the address was deliverable. Unless these guys are just generating web traffic to the same server but a wholly different URL, preferably not even accessing the server by name but by IP... Which I doubt.

Re:Automatically clicks Unsubscribe links in Spam? (1)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15410265)

It would be horribly logical for a spammer to supply an "opt-out" link which was an exploit for a browser bug, installing a remote access Trojan.

Has anyone heard of that actually happening?

Excuse me, but (1)

paulxnuke (624084) | more than 8 years ago | (#15409534)

isn't this really good botnet vs bad botnet? (With good being defined as "opt-in"?)

The more successful it is, the more the Internet will be too bogged down to be useful to anybody.

Also, if someone programs the botnet's to evolve to attack each other better, we're talking SkyNet right around the corner.

Re:Excuse me, but (0)

Anonymous Coward | more than 8 years ago | (#15409618)

If SkyNet becomes a reality, we've got a lot more then spam to worry about!

Re:Excuse me, but (1)

mybootorg (975440) | more than 8 years ago | (#15409631)

Excuse me. Me neither Blue Frog, not Black Frog are a botnet -- at least in a sense that the bots are using their combined strength to somehow attack or interupt the normal business of a server or network. If you think this is the case, then you are misinformed -- which isn't your fault, because the press has largely gotten it wrong as well. Please read up.

Re:Excuse me, but (1)

paulxnuke (624084) | more than 8 years ago | (#15409886)

If one defines "DOS" as "attack or interupt[sic] the normal business of a server or network", BlueFrog certainly did. They injected bad data rather than saturating routers and they weren't big enough to bring the servers down, but that's hair splitting. DOS adequately describes their attack except maybe for network security guys trying to defend against it.

Given that:

  • The Russian interests that killed Blue Frog used a DDOS (almost certainly coming from a botnet);
  • *Frog has always been based on a DOS against spammers (Blue Frog admittedly was not a botnet);
  • Black Frog wants to use a P2P network (euphemistically called a "frognet") to distribute their DOS over a bunch of user machines, using hidden servers for control;

I stand by my analysis. It pretty exactly describes what is going on.

It will be interesting to see how a many-to-many DDOS plays out.

Re:Excuse me, but (1)

MrNougat (927651) | more than 8 years ago | (#15410047)

It will be interesting to see how a many-to-many DDOS plays out.

I'm interested as well, but it's not going to be many-to-many. Each side will execute many-to-one. *Frog's many against spamvertisers one, multiple times, in a "one response per spam" action. Spammer's many against *Frog's one, in an "as much force as can be mustered" action.

Provided that the spammer's attack can find an appropriate target, and depending on the flexibility of *Frog to make itself a constantly moving target.

The weak link in the *Frog model is that human interaction is required to vet spam and build response scripts, then deliver those response scripts to *Frog clients. The "spam to be vetted and scripted against" information needs to be delivered to a single point somehow. The scripts created need to be distributed to clients from a single point somehow.

Maybe the new clients can make greater use of torrents in their operation (as opposed to simply distributing the client installer via torrent). Example: a "spam vetter" person runs an administrative app that searches for a specific torrent. Spam to be vetted is sent from normal clients via torrent, picked up by "neighbor" clients. Eventually, the admin app is able to see the torrent available on a "neighbor" and picks it up. Same way in reverse for delivering scripts - the admin app torrents the script to a smaller number of neigbors, which seed it for more, etc.

Re:Excuse me, but (1)

grimwell (141031) | more than 8 years ago | (#15410562)

The weak link in the *Frog model is that human interaction is required to vet spam and build response scripts, then deliver those response scripts to *Frog clients. The "spam to be vetted and scripted against" information needs to be delivered to a single point somehow. The scripts created need to be distributed to clients from a single point somehow.

Maybe the new clients can make greater use of torrents in their operation (as opposed to simply distributing the client installer via torrent). Example: a "spam vetter" person runs an administrative app that searches for a specific torrent. Spam to be vetted is sent from normal clients via torrent, picked up by "neighbor" clients. Eventually, the admin app is able to see the torrent available on a "neighbor" and picks it up. Same way in reverse for delivering scripts - the admin app torrents the script to a smaller number of neigbors, which seed it for more, etc.


I think what you looking for/describing is a hidden service on the Tor network [eff.org]

BlackFrog could include the Tor client with their client app and the clients could submit the spam to the spam vetters via a Hidden Service URL. This would hide BlackFrog's servers' IP address.

The attack against BlackFrog's server would then be an attack against Tor. Which might succeed the first few times. Don't know enough about Tor/Onion routing or hidden services to know how well a DDOS against a hidden service would work. It is an interesting thought experiment, tho.

Re:Excuse me, but (1)

mybootorg (975440) | more than 8 years ago | (#15410054)

But how is it bad data? We can't reply to the email to opt-out because they've forged it. We use the opt-out function on their website and it's invariably broken or results in us getting more spam.

All we're doing is exercising our "right" to opt-out as we've been promised by the spammer that we can do.

They exercising their right to advertise - which as a side affect fills our Inboxes with crap and annoys the living sh*t out of us. We're exercising our right to opt-out which seems to be annoying the living sh*t out of them. All they have to do is **LET US OPT OUT** and we stop annoying the living sh*t out of them.

It's a perfect pairing.

Incidentally, having worked on a net team recovering from a DDOS from several thousand zombies sending unbelievable numbers of packets a second, I think there's a huge difference between what Blue Frog or Black Frog or Ok-Ok-I-pee-pee proposes to do. But I do see your point.

Re:Excuse me, but (4, Interesting)

Billosaur (927319) | more than 8 years ago | (#15409700)

isn't this really good botnet vs bad botnet?

More like Autobots vs Decepticons, but in the end it's the same thing. The "good" forces won't be a botnet per se, but a loosely aligned group of people doing the same thing, taking on a group with coordinated resources capable of wreaking terrible havok. It's vigilantism to be sure, but until the government of the world actually get their heads out of their butts and come up with a unified and mutually beneficial set of laws to deal with spammers wherever they live, this is the only tool anyone has to even try and slow the spammers down.

Re:Excuse me, but (0)

Anonymous Coward | more than 8 years ago | (#15409959)

Yeah, but with the continued expansion of botnets being used by spammers, how long till the net bogs down under their weight alone? Every year the amount of spam and generally useless data being spewed onto the web by these people increases in leaps and bounds. Can we really afford to simply lay back and take it for fear of the side effect of fighting back?

Re:Excuse me, but (1)

whyrat (936411) | more than 8 years ago | (#15410021)

I, for one, welcome our new botnet overlords.

Before comparing to DDOS, or botnets. Be informed (5, Insightful)

mybootorg (975440) | more than 8 years ago | (#15409675)

Ok folks, let get a few things straight.

Blue Frog was NOT effective not as a denial of service attack or distributed denial of service attack. It was never meant or designed to be. The Russian spammer said it himself - they never brought down our servers, they only served as "a daily nuisance". The nuisance was this: for every spam that the spammer sent to the some 500,000 Blue Frog members, an automated script (bot) visited the website advertised and filled out the form for snakeoil, home refinancing -- whatever was being hawked. But instead of filling it in with valid input from someone interested in what the website was hawking, it filled it in with a legitimate plea from a single person to Opt-out of being spammed further. With me so far?

The spammer -- or worse, the spammer's client -- in turn, goes to check on their database of people or leads to which they can hawk their snakeoil and generic viagra and low and behold, instead of being filled with legitimate contacts of people they can do business with -- it's filled with hundreds upon thousands of opt-out requests.

Undoubtedly there are real requests from potential business contacts in there. But first they have to filter out all the opt-out requests that Blue Frog has submitted.

Sound familiar? It sure does. It's what we've been putting up with for years. We open our Inbox and instead of seeing email from friends and business associates, we first have to sift through and filter a few gazillion pieces of spam -- each with "Hi How are you?" and "Important Account Information" fake titles. Only then can we get down to the email that's actually sent to us. It's a nuisance.

Blue Frog forced spammers to deal with the SAME NUISANCE they cause us. And the spammers didn't care for it too much. They don't care about opt-out requests, the Internet, what people think of them, possible prosecution --- all they care about is making money and they're making it by the truckload. The fact that Blue Frog actually bothered them enough to use their botnets to attack is VERY encouraging. It means we've found a way to kick them in the ass and make it hurt.

Please don't compare Blue Frog or Black Frog to a DDOS or DOS. As the Russian Spammer demonstrated with his attack, what little network disturbance Blue or Black Frog causes for the spammer or spammer client server pales in comparison to a real attack. Mainly because it isn't meant to be an attack in the first place.

If Black Frog ends up with 1,000,000 subscribers, then lets talk DDOS.

Re:Before comparing to DDOS, or botnets. Be inform (0)

Anonymous Coward | more than 8 years ago | (#15410006)

If Black Frog ends up with 1,000,000 subscribers, then lets talk DDOS.

Misses the point entirely. If Black Frog ends up with 1,000,000 subscribers, let's talk about forming a PAC and getting legislation passed. Think $5-10 donation per person, with all proceeds going to fund the PAC. Now you can buy laws and screw spammers permanently. You've also got a handy voting bloc for, let's say, the next Presidential race. Before you laugh, remember that the last race was won by a lot less than that.

Re:Before comparing to DDOS, or botnets. Be inform (1)

mattsucks (541950) | more than 8 years ago | (#15410159)

The Russian spammer said it himself - they never brought down our servers, they only served as "a daily nuisance".

And we know this is true because Russian spammers are known throughout the world for their unassailable truthiness.

Re:Before comparing to DDOS, or botnets. Be inform (1)

mapkinase (958129) | more than 8 years ago | (#15410322)

If Black Frog ends up with 1,000,000 subscribers, then lets talk DDOS.
I hope it will end up with 10,000,000 subscribers, so the scoundrels that payroll the spa[cu]mmers choke in their own vomit.

Uhm... Okopipi (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15409677)

What kind of name is Okopipi. That is real markettable. Stupid. Leave it up to a bunch of nerds to use a ridiciulous name for a product.

Re:Uhm... Okopipi (4, Insightful)

Magee_MC (960495) | more than 8 years ago | (#15409738)

Okopipi is a poisonous blue frog. Quite appropriate I think.

As to the fact that it isn't "marketable", who cares. Would anyone have thought google was marketable before they started? If the product is good enough, the market doesn't care about the name.

Re:Uhm... Okopipi (1)

mybootorg (975440) | more than 8 years ago | (#15409788)

Black Frog. Easy to remember. Ominous sounding. Appropriate because it's the next generation of Jedi. The Darth Vader to Blue Frog's Blue.

Okopipi is less appropriate because no one knows how to pronounce it. Pronounced correctly, it may end up sounding like 'Ok-Ok I pee-pee!' - which is bad for everyone.

Worse still, it's obscure and spelled oddly and consequently most people are going to mistake it for the name of a new Linux Distro.

Re:Uhm... Okopipi (1)

plover (150551) | more than 8 years ago | (#15410272)

Just because someone is multibooting between Ubuntu, Mandriva and Xandros doesn't mean that Okopipi will be ... uhh, ... confused ... oh, never mind.

OK, so maybe they should have stuck with Black Frog. It'd probably be even better if it were followed by a parenthetical "of Doom", as in "Black Frog (of Doom)". Now that sounds more like something people should be afraid of.

Re:Uhm... Okopipi (0)

Anonymous Coward | more than 8 years ago | (#15410280)

"man, whats this 'ebay' crap? What do oceans have to do with auctions? And why the hell would I buy books from some jungle?"

FrogNet? (-1)

Anonymous Coward | more than 8 years ago | (#15409715)

Isn't that the old Minitel system?

Hormel won't like it... (-1, Offtopic)

jacksonj04 (800021) | more than 8 years ago | (#15409804)

Minor point here, but SPAM (All caps) is the foodstuff. Spam (Not all caps) is the bloody awful mountain of email we all recieve every morning.

I thought we knew better than that.

What Do We Really Want? (1)

carpeweb (949895) | more than 8 years ago | (#15409925)

Don't we have two objectives regarding spam?
  1. Reduce/eliminate the network clutter it creates
  2. Prevent it from reaching our inboxes

I don't see why the froggy approach is the best direction. Yes, I see the logic in fighting fire with fire. But I've heard that water and foam are also used -- sometimes with good effect -- to fight fires. Sometimes axes are also used.

As an email user, I only care about the second objective. (Don't worry, as an Internet user, I realize my self-interest in supporting the first objective, but it seems more directly relevant to network admins and a "tragedy of the commons" problem for the rest of us.)

Permission-based email starts to make real headway on the second objective, but it doesn't seem to be a common offering. I'm pretty sure one of the Baby Bell ISPs offers it, but I forget which one. Does anyone know more about this and which ISPs might offer it?

Better still, does anyone know of an open-source add-on for mail servers that will do this?

Re:What Do We Really Want? (1)

pwrtool 45 (792547) | more than 8 years ago | (#15410059)

Don't we have ... objectives regarding spam?

...Sometimes axes are also used


I am intrigued by your ideas and wish to subscribe to your newsletter.

Re:What Do We Really Want? (1)

bitt3n (941736) | more than 8 years ago | (#15410197)

for a permission based system to work for all senders, wouldn't it have to notify the sender that he must perform some additional act before the message gets sent to the recipient? and if so, wouldn't the sender need to be notified via email, and if so, wouldn't this message sometimes be caught in the sender's own spam filter and never seen, preventing the legimate message from being received? if this happens just 1 in 100 times, such a method would be useless for many people.

Fighting spammers with axes? (0)

Anonymous Coward | more than 8 years ago | (#15410255)

Yes, I see the logic in fighting fire with fire. But I've heard that water and foam are also used -- sometimes with good effect -- to fight fires. Sometimes axes are also used.

Are you saying that we should be fighting spammers with axes?

I'd personally like to collapse their children's skulls with a rusty used camshaft taken from a 1985 Pontiac Iron Duke. Think of an overweight cast iron baseball bat with induction-hardened lobes to ensure non-uniform cranial trauma.

Re:What Do We Really Want? (2, Funny)

shokk (187512) | more than 8 years ago | (#15410664)

I'm confused. Which are you advocating?
a) Freezing them with fire retardant foam
b) Hack off a few appendages with an axe
c) Drowning
d) All of the above in that order

I think any one will do. Why be picky?

Security? (2, Interesting)

Rob T Firefly (844560) | more than 8 years ago | (#15409941)

This does look promising (from TFA:)

"It will be based on a P2P network (the frognet)," according to a posting on the wiki. "On failure to connect it could still opt out given email addresses."

Participants will send reports of spam emails to Okopipi, which will use "handlers", including dedicated servers, to analyse it. To avoid suffering the same fate as Blue Security, Okopipi's staff will not disclose information about its servers.

"Only the Okopipi administrators will know their locations," the group said on its wiki. This should make a DDoS attack "very difficult", it said.

That seems solid, but I wonder how something so open can keep a secret like what and where its servers are. It's beyond me, anyone have more info?

Subject tongue twister (0, Troll)

fritzk3 (883083) | more than 8 years ago | (#15410181)

No, I didn't RTFA. I could barely get past the subject without the words getting tangled up.

Can anyone read the subject line five times quickly and get it right? :)

history (1)

dmindless (973977) | more than 8 years ago | (#15410193)

There is a history of this issue and related links here [netadmintools.com] . The castlecops stuff has threads of the original spam message board threads.

This is a monumentally stupid idea. (-1, Flamebait)

davidu (18) | more than 8 years ago | (#15410244)



Let's be realistic -- This is a great way to get arrested.

Building software to construct botnets is a totally unproductive use of time. Running botnets that DDoS sites all over the net is illegal. Blue Security isn't out of the woods yet legally and their DDoS of SixApart is far from a closed case.

If you think this kind of coding is interesting and fun then shoot me an email -- I'll give you an internship (or a job) working on way more productive and positive projects that will impact just as many (if not more) people.

-david

Re:This is a monumentally stupid idea. (1)

pembo13 (770295) | more than 8 years ago | (#15410298)

Maybe they need to form a cooperation then.

Re:This is a monumentally stupid idea. (1)

mungtor (306258) | more than 8 years ago | (#15410319)

I don't think it's a matter of being interesting or fun. It's a question of whether it is neccessary or not.

Rather than ignoring it and hoping it goes away, how about suggesting an alternative solution to the problem at hand?

Re:This is a monumentally stupid idea. (1)

dmindless (973977) | more than 8 years ago | (#15410349)

Said a million times, I'm sure, but neither blue nor black was a DDOS. One spam received. One response or less sent back as an opt-out. Fair enough. The reason for distributing this is because of the targetting problem.

Re:This is a monumentally stupid idea. (1)

hjf (703092) | more than 8 years ago | (#15410364)

Let's be realistic: It's not. The system is not designed to bomb the spammers, just to send spam back at them IN THE SAME AMOUNT they send spam at us. That is, if a spammer sends you 1 spam message, you send him 1 spam at him. But if he sends you 500.000 spam messages... well, you do the math. I don't see anything illegal on that. Put it this way: if you have 500.000 people in a "club", who take the time every day to do that exact thing manually, would that be illegal? I don't think so. Neither writing a program for doing just that would be "illegal".

Re:This is a monumentally stupid idea. (1)

davidu (18) | more than 8 years ago | (#15410450)

Ususally the sites hit were the former home of a spamsite or spammer and at the time of being hit were just the compromised box of an innocent webhost, university computer or other bystander. You can argue all you want about the 1:1 ratio of it, or that networks should be more responsible (I agree) but that doesn't make it right.

And to the person who said I should suggest something better -- how about a botnet reporting engine to let responsible ISPs know they have compromised machines on their network? Or a system of sifting through whois and domain registration data to determine who the good or bad registrars are out there (like are all phishing sites coming from one policy-loose registrar or not?). Or a system to combat phishing and fraud on the net.

I can come up with a 100 good ideas to make the net a better place and teach you 1000 things about system administration, networking, running big networks, building scalable systems. Take advantage of that, not of the Internet.

Being an operator (sysop/netop) is infinitely better than being a hacker. A hacker just needs to know one way into your system, an operator needs to know all the ways in. :-)

Best,
David

It's not DDoS. (2, Informative)

blueZ3 (744446) | more than 8 years ago | (#15410613)

The service fills in forms on spammers websites and submits it. This "corrupts" the data that the spammers are collecting by inserting hundreds of "opt out" submissions which makes finding the "valid" submissions (where stupid people responded to the spam looking to buy v1agr@) more difficult. There's nothing illegal (as far as I know) in using your own computer to fill out forms with bogus data.

The few hundred frog subscribers don't have the horsepower to shut down a Web server anyway. They just make the results of spamming much more difficult to sort through.

Oblig Futurama reference (0)

Anonymous Coward | more than 8 years ago | (#15410325)

Hey what about a anti spamming version of this toad [wikipedia.org] [en.wikipedia]? XD

Glad to know... (1)

Nom du Keyboard (633989) | more than 8 years ago | (#15410361)

Glad to know that annoying solutions are evolving as quickly as annoying intrusions. A weakness was discovered in the first system, and now an improved version is available. Clearly the first system was sufficiently annoying to be attacked, which means it was working. In the end it's all a question of who you want to annoy. I vote for annoying spammers since they've annoyed me for far too long.

As far as "poisoning" the black list with a wrong target, who needs to? That would only be an overly complicated form of DDoS attack, which can be accomplished much more simply already. It's not something to worry about yet.

What does Richi think BlackFrog's doing? (1)

astronouth7303 (917253) | more than 8 years ago | (#15410396)

"The project should also take care not to cross the line from legitimate spam complaints to attacking spammers using DDoS-like techniques,"

That's what it basically sounds like.

They're automatically doing what spammers wanted people to do, based on the assumption that the spammers didn't set up the infrastructure necessary to support the e-mails they're sending.

T-Bird Plugin? (1)

amcdiarmid (856796) | more than 8 years ago | (#15410497)

For me, this would work well with a Thunderbird plugin: Say an option to send the opt-out as a right-click.

I have a catchall account for non-valid email addresses in my domain. Everything that goes there is junk. I could have t-bird's junk filter grab it (mostly it does correctly at this point.), and then when I manually delete stuff, perhaps there could be a right-click to mark as frog-food? (about two thousand a day. fun fun.)

My $.02
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>