[18349] in North American Network Operators' Group
Re: SPAM, RE: Internic and there lame response
daemon@ATHENA.MIT.EDU (Dean Robb)
Sun Jul 12 15:44:09 1998
Date: Sun, 12 Jul 1998 14:29:04 -0400
To: Andrea Di Lecce <slinky@rogerswave.ca>
From: Dean Robb <pceasy@norfolk.infi.net>
Cc: nanog@merit.edu, RS-TALK@LISTS.INTERNIC.NET, RS-TALK@LISTS.INTERNIC.NET
In-Reply-To: <3.0.1.32.19980710212249.00ef9500@pop2.on.rogers.wave.ca>
At 21:22 7/10/98 -0400, Andrea Di Lecce wrote:
>
>At 20:21 7/8/98 -0400, you wrote:
>>Incredibly two-faced response. How do you determine the user's ISP? Check
>>WhoIs. But...OOOPPSS!...the information in WhoIs is phoney, and we don't
>>do anything about that. Sorry, guess you're just screwed.
>
>There are many other ways to track a spammer.
>
>- Do nslookup on the IP that originated the spam (sometimes this takes a
>bit of detective work to find what IP actually originated the spam).
>- Traceroute to the originating IP. Email the ISP that is directly upstream.
*I* know these techniques. Joe User who's irritated at his spam likely
does not.
>- Look in the Whois information for contact emails and nameservers - if
>these are for the upstream ISP, or some ISP other than the spammer, report
>it to them.
But there's the rub. A great deal of the information (including
delegations) in domain registrations by net.abusers is complete
fabrication. InterNIC refuses to deal with it, even when it's pointed out
to them.
>- If they are advertising a web page, track the web page host, and their
>upstream, and report it to them.
All the time :>
>
>>What do spammers and nails have in common? They're both intended for
>>hammering.
>
>Amen.
Witnesses available at www.witness.com...:)
What do spammers and nails have in common? They're both intended for
hammering.
Dean Robb
PC-Easy
On-site computer services
(757) 495-EASY [3279]
