Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Anti-spam technology resurrected as FrogNet
Published: 2006-05-25

An open-source project has formed to recreate a more robust version of the anti-spam service offered by Blue Security, following a spammer's attack that shut down the company's Blue Frog service.

The project--named Okopipi for a poisonous frog found in Suriname--will attempt to build a peer-to-peer version of the anti-spam service that is more resilient to denial-of-service attacks, like the ones that shut down Blue Security's site and service as well as several Internet service providers for two weeks. On May 16, Blue Security shuttered its Blue Frog service to halt attacks on its clients by an irate spammer. The company declared that it would not reenter the anti-spam business for the foreseeable future.

"The rules of engagement would be the same as Blue Frog," two developers identifying themselves as the Okopipi Collective stated in a CastleCops forum. "One spam equals one opt-out request. No DDOS. We use bandwidth throttling sufficiently low to not overwhelm the site. It proved effective before. We see no need to change this. All actions will be approved by a steering committee."

The project has attracted a great deal of interest, because spam can be a very emotional issue. Blue Security collected nearly 500,000 users to its free service, before the company shut it down.

The Okopipi Project has at least two technical hurdles, however. The project will have to be able to prevent a spammer from using the service as an attack network. For example, if a spammer can submit a legitimate bank e-mail alert as spam, then the service could be used to level a denial-of-service attack against the bank. The programmers will also have to design a system that spammers cannot stack in their favor.

The project currently is forming development committees. No date has yet been given for when the service, which has tentatively been referred to as FrogNet, might be operational.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus