[135124] in North American Network Operators' Group
Re: Request Spamhaus contact
daemon@ATHENA.MIT.EDU (Jeffrey Lyon)
Mon Jan 17 19:46:52 2011
In-Reply-To: <9DB2D57D-832F-4D3F-9B93-18F1947EDC0F@oitc.com>
Date: Mon, 17 Jan 2011 19:30:56 -0500
From: Jeffrey Lyon <jeffrey.lyon@blacklotus.net>
To: TR Shaw <tshaw@oitc.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Actually, that was just a brain lapse. The domain didn't resolve at
all (misspelled?) and it returned the Cox default resolution.
Jeff
On Mon, Jan 17, 2011 at 7:30 PM, TR Shaw <tshaw@oitc.com> wrote:
> So the fact that you host the spamvertized pill and other spam sites make=
s it OK because the spamming email came from residential machines that were=
coopted?
>
> That's weird logic but maybe that's why your abuse never responded to us =
nor shuts them down.
>
> Tom
>
> On Jan 17, 2011, at 7:14 PM, Jeffrey Lyon wrote:
>
>> Raymond,
>>
>> Spam does not make me nervous, it's a practical matter that we will
>> address in due course. The null routes we have set are pretty recent
>> so you may have received some spam prior to that time but I absolutely
>> guarantee you that it did not come from our network, otherwise we
>> would have detected it and stopped it on the spot.
>>
>> Thanks, Jeff
>>
>>
>> On Mon, Jan 17, 2011 at 7:12 PM, Raymond Dijkxhoorn
>> <raymond@prolocation.net> wrote:
>>> Hi!
>>>
>>>> That is not in our IP space. These are the only SBL's we have outstand=
ing:
>>>>
>>>> SBL101835
>>>> 208.64.127.64/27 =A0 =A0 =A0 =A0blacklotus.net
>>>> 17-Jan-2011 14:44 GMT
>>>> Drug spam domain hosting
>>>>
>>>>
>>>> SBL101662
>>>> 208.64.123.176/28 =A0 =A0 =A0 blacklotus.net
>>>> 14-Jan-2011 10:31 GMT
>>>> Drug spam domain hosting
>>>
>>>>> 208.64.120.186 canadian-rx-store.org
>>>>>
>>>>> I connected to 208.64.120.186 on TCP port 80 and finger-boned an HTTP
>>>>> request for http://canadian-rx-store.org/ and the server responded as
>>>>> I would expect a server configured with that name to respond.
>>>>>
>>>>> canadian-rx-store .org? Really?
>>>
>>> So they need, and will add more.
>>>
>>> NetRange: =A0 =A0 =A0 208.64.120.0 - 208.64.127.255
>>> CIDR: =A0 =A0 =A0 =A0 =A0 208.64.120.0/21
>>> OriginAS: =A0 =A0 =A0 AS32421
>>> NetName: =A0 =A0 =A0 =A0NET-208-64-120-0-1
>>> NetHandle: =A0 =A0 =A0NET-208-64-120-0-1
>>> Parent: =A0 =A0 =A0 =A0 NET-208-0-0-0-0
>>> NetType: =A0 =A0 =A0 =A0Direct Allocation
>>> NameServer: =A0 =A0 NS1.ENTERPRISE.BLACKLOTUS.NET
>>> NameServer: =A0 =A0 NS2.ENTERPRISE.BLACKLOTUS.NET
>>> RegDate: =A0 =A0 =A0 =A02005-12-22
>>> Updated: =A0 =A0 =A0 =A02009-11-11
>>> Ref: =A0 =A0 =A0 =A0 =A0 =A0http://whois.arin.net/rest/net/NET-208-64-1=
20-0-1
>>>
>>> OrgName: =A0 =A0 =A0 =A0Black Lotus Communications
>>> OrgId: =A0 =A0 =A0 =A0 =A0BLC-92
>>> Address: =A0 =A0 =A0 =A03419 Virginia Beach Blvd. #D5
>>>
>>> Thats not your IP space? Really? How come.
>>>
>>> apothekeosterreich .at -> 208.64.120.197
>>> vertrouwdeapotheek .nl -> 208.64.120.197
>>>
>>> viagra-shopping .com -> 208.64.127.78
>>> medicin-24 .com -> 208.64.127.78
>>>
>>> apothekeohnerezept .at -> 208.64.127.66
>>>
>>> www.medicin-24 .com -> 208.64.127.78
>>> www.viagra-shopping .com -> 208.64.127.78
>>>
>>> This is just like 3 minutes digging in todays spamfolders.
>>>
>>> Instead of typing here, i would be rather nervous and placing null rout=
es
>>> wherever i could.
>>>
>>> Bye,
>>> Raymond.
>>>
>>>
>>>
>>
>>
>>
>> --
>> Jeffrey Lyon, Leadership Team
>> jeffrey.lyon@blacklotus.net | http://www.blacklotus.net
>> Black Lotus Communications - AS32421
>> First and Leading in DDoS Protection Solutions
>>
>
>
--=20
Jeffrey Lyon, Leadership Team
jeffrey.lyon@blacklotus.net | http://www.blacklotus.net
Black Lotus Communications - AS32421
First and Leading in DDoS Protection Solutions
