@Home Scans Own Customers

Event Summary

@Home has been scanning its own customers to see if they are running news or web servers. This is likely a response to the USENET Death Penalty that was called against the company for the amount of spam coming from its networks. What this means is that the systems and network administrators working at @Home are using what is known as a network scanner to look for people sending unsolicited junk mail, a lot of which is often pornographic. Specifically, they are poking TCP ports 80 and 119 with a network scanner looking for HTTP proxies and NNTP proxies respectively.

On January 12th, a USENET Death Penalty (UDP) was declared on @Home due to the vast amount of spam coming through their networks. Evidence was submitted with the UDP announcement. Despite countless complaints, reports, and phone calls, @Home Network previously showed no indication of stopping this ongoing abuse. By December 1999, the situation had apparently reached intolerable levels.

The UDP was posted on the newsgroup news.admin.announce by David Ritz and stated "Currently there is still a huge volume of EMP spam originating both directly from @Home's @Home grown spammers and through the countless open proxies to their news servers. These open proxies present a very clear threat to the entire Usenet community at large. Because of this lack of response to serious, ongoing problems, even when they have been pointed out repeatedly, a full active Usenet Death Penalty will go into effect at the close of business, 17:00 PST, on Tuesday, 18 January 2000 (19 Jan 2000 01:00:00 GMT). It is sincerely hoped that @Home Network will take appropriate measures to stem the flow of abuse from its network."

Market Impact

What does this mean? A UDP is loosely enforced at best, and if it works at all, is an example of self-regulation in action. Basically, it means that news administrators around the world agree to cancel any posts originating from @Home's servers. However, no one actually forces news administrators to adhere to this. A good percentage of them may not even know that such a UDP has been declared because they are not keeping up with news.admin.announce.

User Recommendations

SPAM is not appreciated, is in poor taste, and is in many cases illegal. Report it to your network administrator or the offending site as often as possible.

Finding spammers is not in most company's interest since the spammers are also their customers. Federal and State laws need to be established to address this problem. Is it fair to hold the people who lay the asphalt responsible for the cars that speed on the highways?

States should allocate a budget to put in place a spam patrol unit. A lot of revenue could be generated if stiff fines were imposed on spammers, although laws need to be passed first.

David Ritz should be commended for his good netizenship and spam awareness consciousness.

comments powered by Disqus