[16743] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Spam .. Find the sender !

daemon@ATHENA.MIT.EDU (Jay Stewart)
Mon May 11 12:37:38 1998

From: "Jay Stewart" <cosmo@olywa.net>
To: "Jan Czmok" <czmok@ipf.de>, <nanog@merit.edu>
Date: Mon, 11 May 1998 09:27:50 -0700

Jan,

153.35.0.0/16, 153.36.0.0/16, 153.37.0.0/16 *all* belong to UU.NET and are
used for multiple nationwide ISP dialups.  Send mail to abuse@uu.net, and
consider blocking these prefixes from connecting to your SMTP servers.

Jay Stewart
Vice President
Olympia Networking Services - "Olympia's Premier ISP"
Phone (360) 753.3636  Fax (360) 357.6160  http://www.olywa.net

---------------------
C:\>whois -h whois.arin.net 153.37.0.0

UUNET Technologies, Inc. (NET-UUNETCUSTB37)
   3060 Williams Drive
   Fairfax, VA 22031

   Netname: UUNETCUSTB37
   Netnumber: 153.37.0.0

   Coordinator:
      Uunet, AlterNet - Technical Support  (OA12-ARIN)  help@UUNET.UU.NET
      +1 (800) 900-0241
   Alternate Contact:
      UUNET Postmaster  (UUPM-ARIN)  postmaster@uunet.uu.net
      703-206-5440


   Domain System inverse mapping provided by:

   HUGIN.UU.NET                 153.39.242.112
   MUNIN.UU.NET                 153.39.242.113
   AUTH60.NS.UU.NET             198.6.2.181

   Record last updated on 21-May-97.
   Database last updated on 8-May-98 16:08:58 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and nic.ddn.mil for MILNET Information.


-----Original Message-----
From: Jan Czmok <czmok@ipf.de>
To: nanog@merit.edu <nanog@merit.edu>
Date: Monday, May 11, 1998 9:19 AM
Subject: Spam .. Find the sender !


>Hi!
>
>We got some spam mail from
>> Received: from 1cust151.tnt1.tampa.fl.da.uu.net (HELO byte007)
>(153.37.184.151)
>>   by relay.ipf.net with SMTP; 10 May 1998 04:47:58 -0000
>
>and i cannot query the database (arin , ripe or radb) for the owner of
>this network.
>Any hints ?
>
>If we can find the sender, then we go for a hunt against this spammers.
>
>So far...
>
>Greetings
>
>
>Jan Czmok
>IPF.NET NOC
>
>more headers :
>
> Return-Path: hioqibua38@msn.com
>> Delivery-Date: Sun May 10 04:48:03 1998
>> Received: (qmail 26693 invoked from network); 10 May 1998 04:48:03
>-0000
>> Received: from claven.cse.psu.edu (HELO cse.psu.edu) (130.203.3.50)
>>   by finch.cse.psu.edu with SMTP; 10 May 1998 04:48:03 -0000
>> Received: from relay.ipf.net (relay.ipf.net [195.88.0.13]) by
>cse.psu.edu (8.8.8/8.7.3) with SMTP id AAA21505 for
><0000@0000.cs.psu.edu>; Sun, 10 May 1998 00:48:02 -0400 (EDT)
>> Date: Sun, 10 May 1998 00:48:02 -0400 (EDT)
>> From: hioqibua38@msn.com
>> Received: (qmail 13706 invoked from network); 10 May 1998 04:47:58
>-0000
>> Received: from 1cust151.tnt1.tampa.fl.da.uu.net (HELO byte007)
>(153.37.184.151)
>>   by relay.ipf.net with SMTP; 10 May 1998 04:47:58 -0000
>> To: hioqibua38@msn.com
>> Comments: Authenticated sender is <hioqibua38@msn.com>
>> Errors-To: shadow007@hotmail.com
>> Subject: DO YOU KNOW HIS OR HER BACKGROUND???
>> Message-Id: <199805103688SAA3125@post.ipf.net>
>



home help back first fref pref prev next nref lref last post