NDTC has noticed an increase in e-mail bounces this week. This increase was caused by a practice that other Internet Service Providers (ISPs) are using to attempt to avoid spam. These ISPs are voluntarily using publicly available blacklists to determine whether the sending server is a known spamming server, regardless of the content of the actual e-mail. Unfortunately, in most cases, this is the only investment into anti-spam and anti-virus that these ISPs are using.

Some of these blacklists are accurate and work well.

Others, like the one that NDTC's anti-spam and anti-virus server was added to, called uceprotect.net, are radical and unethical in nature. Not only do they list servers that are actually attempting to defeat spam and viruses at the source, but they also require a 50 euro (approximately $100) fee to remove the offending server in a timely fashion, with absolutely no guarantee that it will not be listed again. This service is based in Germany, and therefore is almost immune to any kind of legal action. Also, they freely state on their website: "Introducing legal steps or similar action against us will result in that we leave your IP address and/or your network range listed in our database". This company is using these threats and tactics to sell their "anti-spam" software or hardware for thousands of dollars, rather than using legitimate and accepted marketing and sales techniques. We also suspect they are targeting their competition's equipment. It is impossible to contact them in an attempt to determine the problem and find a solution. Phone calls to their listed numbers were not answered and were dropped with no voice mail available.

We are working to try to keep this from happening again. After all, this is the reason we invested in an anti-spam/anti-virus server. Hopefully, we will not experience another blacklisting. Please know that this is unavoidable, as we do not and can not control how other ISPs handle spam on their network, and that NDTC is trying to deal with the spam problem in a professional and responsible way within the boundaries of accepted and approved standards.

On Friday, November 4, NDTC Internet ip addresses were affected by a DDOS attack. NDTC responded by implementing ip address blocking on the ports affected by the DDOS attack. The ports that were targeted affect messenger services, some mail services, and some websites. Also, some troubleshooting tools may be affected.

What is a DDOS attack?

Here is the definition from www.webopedia.com: "Short for Distributed Denial of Service, it is an attack where multiple compromised systems (which are usually infected with a Trojan) are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack."

And another definition from TechWeb: "An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, a denial of service attack interrupts network service for some period. A distributed denial of service (DDOS) attack uses multiple computers throughout the network that it has previously infected. The computers act as "zombies" and work together to send out bogus messages, thereby increasing the amount of phony traffic."

The problem actually affected customers with lower speeds (i.e.. dial-up) first, as those customers didn't have as much bandwidth to deal with the flood of requests. Those on the higher speed packages had some bandwidth "to spare", so that the attack did not affect them as quickly. Unfortunately, blocking the ports to save the network also affects the ability to use those Internet services.

Until the attack is complete, we will continue blocking the ports and blocking any new attacks.

When will the attack be over? Typically, DDOS attacks run a certain course. We are seeing all of the traffic, but the compromised machines on the Internet that are doing the attacking will eventually be shut down by their ISP, as they are causing lots of traffic on their home networks, so the local ISP should notice and take appropriate action. Unfortunately, the attack started on a Friday, typically the last day of the week. So the ISP may not know anything is wrong until today (Monday). We are watching the situation, and will remove the blocks when the attack is over.