[45501] in North American Network Operators' Group
Re: WARNING: Whois mining operation (probably spam related).
daemon@ATHENA.MIT.EDU (Scott Francis)
Sun Feb 3 05:55:18 2002
Date: Sun, 3 Feb 2002 02:53:50 -0800
From: Scott Francis <darkuncle@darkuncle.net>
To: "John Palmer (NANOG Acct)" <nanog@adns.net>
Cc: nanog@merit.edu
Message-ID: <20020203105350.GA54311@darkuncle.net>
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
"John Palmer (NANOG Acct)" <nanog@adns.net>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-ripemd160;
protocol="application/pgp-signature"; boundary="SUOF0GtieIMvvwua"
Content-Disposition: inline
In-Reply-To: <003301c1ac8d$a32dd2a0$c89d05c7@TAKA>
Errors-To: owner-nanog-outgoing@merit.edu
--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Feb 03, 2002 at 02:34:46AM -0600, nanog@adns.net said:
>=20
> Starting about 6am eastern time, we began getting several hundred hits per
> second from IP address 195.188.22.6 to our WHOIS server.
>=20
> It appears that they were running a rather well endowed dictionary against
> the database.
>=20
> Beware - these are spammers (I know the address very well). Check your lo=
gs
> if you have any email servers or whois databases.
>=20
> This is a jerk from England who is a known fraudster.
=3D=3D=3D=3D
[sfrancis@silverlight:~]$ whois -r 195.188.22.6
<snip>
descr: Please forward abuse issues
descr: to abuse@blueyonder.co.uk
<snip>
=3D=3D=3D=3D
http://help.blueyonder.co.uk/rules/aup.html
If this guy is obviously spamming, or data mining in preparation for
spamming, it seems that blueyonder.co.uk could be contacted to have his
access yanked. Failing that, cableinet.net could be contacted to have
blueyonder.co.uk yanked.
Of course, you may have already tried this and received little/no
cooperation. *sigh*
--=20
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
--SUOF0GtieIMvvwua
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQIXAwUBPF0WvYgCD7rLM8ynFAOhFAf/fxLQIQHy+7Jnbxb3O/OFO0AEcE98gyLg
G6v4mW/WOrnLKfrDkP0o7tgxeGfHMo7Pbm4CVoCJNYp0Z1bOdb/KGfIy0+4hkDpy
d5whLdpA+s4YTG8qKgN9UwLanEgGjZoLaMQzqjpDJ/vqEP0tD3krLu9QGg47Qf2V
Eb/akAPnKhP80X0qtnYUE9dRIPtYUX3+9EqtHg0z1N2NxML7nWqU6z7L43GMbde8
8290MNifBUIITSqT6o9AXS/tasQRzJlv/SgZR8K+QGlPP6kGWHqH8sLA0M9cdZlK
YM+Ynk+GitL8yf+7S/6vchnRrBSUZHDXzueeU5wmTO0xxp7fVHobfQgAjydwRe4T
5F4gACuxU8HieobTkXNr3EP7ADOddM1sSn4M/yPwvanznYu2oIsb3sVOgNDKjbhp
fB7lxg1xfz8SROyK55rK6yk6FuVCJf2yMPXz106Au+TtUsCDr9i9qa6dP5lUHXej
o+CKf5prCnvJqY5SOCDzAW8xa4YjwoZ65AGWjkzIbypjVZUtxm1aXXPBL3EfO6/Y
6A3z+C1RZO9Uj9Ha8xN5WnHqhAjFaRqoOsXXApEQfvsWQQgYigjdWIE7IQ++K/Yk
7IXxwAHvo/L8VhKZt8xlQ9wGjeckMFyRnhhAI5D7Ow0SMqgIxl/pYV4KssDTvnKo
pemjjMgMZyoCkA==
=giI+
-----END PGP SIGNATURE-----
--SUOF0GtieIMvvwua--
