[70583] in North American Network Operators' Group
Re: Barracuda Networks Spam Firewall
daemon@ATHENA.MIT.EDU (Bruce Pinsky)
Wed May 19 20:14:18 2004
Date: Wed, 19 May 2004 17:12:40 -0700
From: Bruce Pinsky <bep@whack.org>
Reply-To: bep@whack.org
To: jcouzens@6o4.ca
Cc: "Eric A. Hall" <ehall@ehsco.com>, nanog@merit.edu
In-Reply-To: <1085011579.8601.140.camel@antitrust.6o4.ca>
Errors-To: owner-nanog-outgoing@merit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
James Couzens wrote:
| On Wed, 2004-05-19 at 16:24, Eric A. Hall wrote:
|
|>extract hostname from url, dig on hostname, whois on addr, and nine times
|>out of ten the host is in a CN netblock. that's from the spam that gets
|>into my mailbox.
|
|
| Yes I understand that is what you meant. I just did this on 5 spam in
| my mail box, I got:
|
| Domain Name: AAFMALE.BIZ (www.aafmale.biz)
| Registrant Country: Canada
| Resolves to address: 218.232.109.220 (KRNIC-K) (Korea)
|
| Domain Name: PLANENEWS.COM
| Registrant Country: France
| Resolves to address: 216.92.194.65 (PAIRNET-BLK-3) (United States)
|
| Domain Name: MIRGOS.ORG
| Registrant Country: Russia
| Resolves to address: 211.198.200.208 (KRNIC-KR) (Korea)
|
| Domain Name: WINSPR.BIZ (iityvzbtpvw.winspr.biz)
| Registrant Country: New Zealand
| Resolves to address: 221.233.29.33 (CHINANET-HB-JZ7) (China)
|
| While it is only 5 mails, and certainly nothing to judge by, it does not
| seem to be 90%. Although Korea under APNIC it is not China.
|
|
Similar results. Got 2 in the US, one in Brazil, one in Korea, and one in
China.
- --
=========
bep
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
iD8DBQFAq/f4E1XcgMgrtyYRAhyJAKCrFKCYtQXJKaaqS52mQprWhIrb7gCgxvNY
0iH1BTcznV3Q1d2bFhI+mHo=
=nIXz
-----END PGP SIGNATURE-----
