Bluesecurity and Blue Frog
May. 5th, 2006 08:44 pm
As some of you know, I had some concerns with Bluesecurity for a while, because I was concerned that they were essentially performing DoS attacks on spammers. However, since their site is back up, I found these awesome papers that do a really good job of explaining exactly how their technology works, and what safeguards they have in place:
http://www.bluesecurity.com/blue-frog/wp/solution_overview_wp.pdf
http://www.bluesecurity.com/blue-frog/wp/blue-security-overview-mjr.pdf
The stuff explained therein puts to rest a lot of the concerns that I had. For one thing, it's not a DDoS at all. A user's system sends a complaint to the spammer if and only if they receive any more spam /after/ the spammer has been given a 10 day "grace period" since Bluesecurity initially contacts them. Also, the total number of complaints sent is less than or equal to the number of spams that are sent after the grace period.
They also made a very important point about "remove lists" which is that they have not worked in the past because there is no enforcement mechanism. Now there is.
I'm gonna download their plugin and give it a try.
(no subject)
Date: 2006-05-06 12:53 am (UTC)
(no subject)
Date: 2006-05-06 12:54 am (UTC)
I've been hitting the site fine for the last 5 minutes. Do you have stale DNS?
(no subject)
Date: 2006-05-06 01:01 am (UTC)
dragon-% dig +short www.bluesecurity.com
72.52.9.7
72.52.8.7
dragon-% dig +short @24.93.41.125 www.bluesecurity.com
127.0.0.1
(no subject)
Date: 2006-05-06 01:04 am (UTC)
"dig ns bluesecurity.com" gives bsec[1-3].prolexic.net as the nameservers, all of which are in 204.74.66.0/24.
(no subject)
Date: 2006-05-06 01:09 am (UTC)
(no subject)
Date: 2006-05-06 01:14 am (UTC)
What's the TTL/expiration?
When I hit their nameservers directly, I see it's 300s. If it's anything greater than that, you probably have old data.
(no subject)
Date: 2006-05-06 01:18 am (UTC)
(no subject)
Date: 2006-05-06 01:20 am (UTC)
dragon-% dig +norec @24.93.41.125 www.bluesecurity.com
...
bluesecurity.com. 55178 IN NS ns2.domainthenet.net.
bluesecurity.com. 55178 IN NS ns1.domainthenet.net.
Those aren't right.
(no subject)
Date: 2006-05-06 01:22 am (UTC)
That TTL is less than a day. It's possible that those are old nameservers. Maybe they moved to a new host with more bandwidth. :-)
(no subject)
Date: 2006-05-06 01:34 am (UTC)
bluesecurity.com. 172785 IN NS gdc.prolexic.org.
bluesecurity.com. 172785 IN NS gdc.prolexic.net.
but if you query www.bluesecurity.com's A record, you get:
bluesecurity.com. 300 IN NS bsec2.prolexic.net.
bluesecurity.com. 300 IN NS bsec3.prolexic.net.
bluesecurity.com. 300 IN NS bsec1.prolexic.net.
TTL 300 on nameservers seems awfully temporary.
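The comparison worked through in the comments above (what a resolver has cached versus what the nameservers themselves return), as an added example that is not part of the original post or any comment. The function names are hypothetical, the record lines are the ones quoted in the thread, and treating the bsec[1-3].prolexic.net set with TTL 300 as the reference answer is an assumption.

```python
from typing import NamedTuple

class Record(NamedTuple):
    name: str
    ttl: int
    rtype: str
    rdata: str

def parse_records(dig_output):
    """Parse dig answer lines of the form 'name ttl IN type rdata'."""
    records = []
    for line in dig_output.splitlines():
        f = line.split()
        # Skip blanks, ';' comment lines, '...' elisions and anything malformed.
        if len(f) < 5 or f[0].startswith(";") or f[2] != "IN" or not f[1].isdigit():
            continue
        records.append(Record(f[0].lower(), int(f[1]), f[3], " ".join(f[4:]).lower()))
    return records

def stale_cache_findings(cached, authoritative, rtype="NS"):
    """Return (code, detail) pairs describing how a cached RRset disagrees."""
    cache = [r for r in cached if r.rtype == rtype]
    auth = [r for r in authoritative if r.rtype == rtype]
    if not cache or not auth:
        return []
    findings = []
    cache_set, auth_set = {r.rdata for r in cache}, {r.rdata for r in auth}
    if cache_set != auth_set:
        findings.append(("rrset-mismatch", sorted(cache_set - auth_set)))
    # A cache only counts a TTL down, so it can never exceed the TTL at the source.
    auth_ttl = max(r.ttl for r in auth)
    too_long = sorted(r.ttl for r in cache if r.ttl > auth_ttl)
    if too_long:
        findings.append(("ttl-exceeds-authoritative", too_long))
    return findings

# Record lines copied from the thread: the resolver's answer, then the reference set.
CACHED = """...
bluesecurity.com. 55178 IN NS ns2.domainthenet.net.
bluesecurity.com. 55178 IN NS ns1.domainthenet.net.
"""
AUTHORITATIVE = """bluesecurity.com. 300 IN NS bsec2.prolexic.net.
bluesecurity.com. 300 IN NS bsec3.prolexic.net.
bluesecurity.com. 300 IN NS bsec1.prolexic.net.
"""

if __name__ == "__main__":
    for code, detail in stale_cache_findings(parse_records(CACHED), parse_records(AUTHORITATIVE)):
        print(code, detail)
```

A mismatch shows only that the two sources disagree, not which one is current. A resolver may also hold the parent zone's delegation records, which carry their own TTL.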
(no subject)
Date: 2006-05-06 12:59 am (UTC)
(no subject)
Date: 2006-05-06 04:21 am (UTC)
(no subject)
Date: 2006-05-06 03:10 pm (UTC)
Unknown.