[135123] in North American Network Operators' Group
Re: Request Spamhaus contact
daemon@ATHENA.MIT.EDU (TR Shaw)
Mon Jan 17 19:44:22 2011
From: TR Shaw <tshaw@oitc.com>
In-Reply-To: <AANLkTikRv=Hvr+5_N-axq6OH-spbvybtyPBu9x1s+zY6@mail.gmail.com>
Date: Mon, 17 Jan 2011 19:30:04 -0500
To: Jeffrey Lyon <jeffrey.lyon@blacklotus.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
So the fact that you host the spamvertized pill and other spam sites =
makes it OK because the spamming email came from residential machines =
that were coopted? =20
That's weird logic but maybe that's why your abuse never responded to us =
nor shuts them down.
Tom
On Jan 17, 2011, at 7:14 PM, Jeffrey Lyon wrote:
> Raymond,
>=20
> Spam does not make me nervous, it's a practical matter that we will
> address in due course. The null routes we have set are pretty recent
> so you may have received some spam prior to that time but I absolutely
> guarantee you that it did not come from our network, otherwise we
> would have detected it and stopped it on the spot.
>=20
> Thanks, Jeff
>=20
>=20
> On Mon, Jan 17, 2011 at 7:12 PM, Raymond Dijkxhoorn
> <raymond@prolocation.net> wrote:
>> Hi!
>>=20
>>> That is not in our IP space. These are the only SBL's we have =
outstanding:
>>>=20
>>> SBL101835
>>> 208.64.127.64/27 blacklotus.net
>>> 17-Jan-2011 14:44 GMT
>>> Drug spam domain hosting
>>>=20
>>>=20
>>> SBL101662
>>> 208.64.123.176/28 blacklotus.net
>>> 14-Jan-2011 10:31 GMT
>>> Drug spam domain hosting
>>=20
>>>> 208.64.120.186 canadian-rx-store.org
>>>>=20
>>>> I connected to 208.64.120.186 on TCP port 80 and finger-boned an =
HTTP
>>>> request for http://canadian-rx-store.org/ and the server responded =
as
>>>> I would expect a server configured with that name to respond.
>>>>=20
>>>> canadian-rx-store .org? Really?
>>=20
>> So they need, and will add more.
>>=20
>> NetRange: 208.64.120.0 - 208.64.127.255
>> CIDR: 208.64.120.0/21
>> OriginAS: AS32421
>> NetName: NET-208-64-120-0-1
>> NetHandle: NET-208-64-120-0-1
>> Parent: NET-208-0-0-0-0
>> NetType: Direct Allocation
>> NameServer: NS1.ENTERPRISE.BLACKLOTUS.NET
>> NameServer: NS2.ENTERPRISE.BLACKLOTUS.NET
>> RegDate: 2005-12-22
>> Updated: 2009-11-11
>> Ref: http://whois.arin.net/rest/net/NET-208-64-120-0-1
>>=20
>> OrgName: Black Lotus Communications
>> OrgId: BLC-92
>> Address: 3419 Virginia Beach Blvd. #D5
>>=20
>> Thats not your IP space? Really? How come.
>>=20
>> apothekeosterreich .at -> 208.64.120.197
>> vertrouwdeapotheek .nl -> 208.64.120.197
>>=20
>> viagra-shopping .com -> 208.64.127.78
>> medicin-24 .com -> 208.64.127.78
>>=20
>> apothekeohnerezept .at -> 208.64.127.66
>>=20
>> www.medicin-24 .com -> 208.64.127.78
>> www.viagra-shopping .com -> 208.64.127.78
>>=20
>> This is just like 3 minutes digging in todays spamfolders.
>>=20
>> Instead of typing here, i would be rather nervous and placing null =
routes
>> wherever i could.
>>=20
>> Bye,
>> Raymond.
>>=20
>>=20
>>=20
>=20
>=20
>=20
> --=20
> Jeffrey Lyon, Leadership Team
> jeffrey.lyon@blacklotus.net | http://www.blacklotus.net
> Black Lotus Communications - AS32421
> First and Leading in DDoS Protection Solutions
>=20
