[148617] in North American Network Operators' Group
Re: US DOJ victim letter
daemon@ATHENA.MIT.EDU (Randy Carpenter)
Thu Jan 19 16:07:02 2012
Date: Thu, 19 Jan 2012 16:06:08 -0500 (EST)
From: Randy Carpenter <rcarpen@network1.net>
To: nanog@nanog.org
In-Reply-To: <4F1884B1.5020200@doit.wisc.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Same here. No idea who the intended recipient organization is, as it was sent to our generic tech contact email address that is used for a bunch of ASes, ARIN accounts, domains, etc. There are pretty much no details in the message.
-Randy
----- Original Message -----
> AS2381 has also received them, we are no further along in this than
> you are.
>
> On 1/19/2012 2:59 PM, Jay Hennigan wrote:
> > We have received three emails from the US Department of Justice
> > Victim
> > Notification System to our ARIN POC address advising us that we may
> > be
> > the victim of a crime. Headers look legit.
> >
> > We have been frustrated in trying to follow the rabbit hole to get
> > any
> > useful information. we've jumped through hoops to get passwords
> > that
> > don't work and attempted to navigate a voice-mail system that
> > resembles
> > the "twisty maze of passages all different" from an old text
> > adventure
> > game.
> >
> > This *seems* to be legit, and I would think that the end result is
> > likely to be a list of IP addresses associated with infected hosts.
> >
> > Has anyone else received the email? Is it legit? If so has anyone
> > successfully navigated the maze, and if so how? Is it worth it?
> >
> > (And why don't they just send the list of infected IPs to the ARIN
> > contact in the first place?)
> >
> > --
> > Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net
> > Impulse Internet Service - http://www.impulse.net/
> > Your local telephone and internet company - 805 884-6323 - WB6RDV
> >
>
>
>
