From nanog@merit.edu Mon Nov 17 18:30:54 1997
Received: from www.RVC.CC.IL.US (www.RVC.CC.IL.US [207.142.145.2]) by
mozart.lib.uchicago.edu (8.8.5/8.6.4) with SMTP id SAA21563 for
<marilyn-request@mozart.lib.uchicago.edu>; Mon, 17 Nov 1997 18:30:54 -0600
Received: from merit.edu (166.72.5.121) by www.RVC.CC.IL.US
(EMWAC SMTPRS 0.81) with SMTP id <B0000000018@www.RVC.CC.IL.US>;
Mon, 17 Nov 1997 18:44:02 -0600
Date: Mon, 17 Nov 1997 18:44:02 -0600
Message-ID: <B0000000018@www.RVC.CC.IL.US>
From: NANOG Mailing List <nanog@merit.edu>
Subject: subscribe
In looking at this message that someone forwarded me.. It looks like the
message originated at one of our customers web servers.. I have called
and left messages for the sysadmins of this school.. We do not have any
after hours numbers.
Does anyone else have the bounces with headers so that I can verify or
not that it is this customer?
I will say that it is sorta ironic that I started this thread and it
seems to be originating from one of our customers... ![:frowning: :frowning:](https://community.nanog.org/images/emoji/apple/frowning.png?v=12)
) >From nanog@merit.edu Mon Nov 17 18:30:54 1997
) >Received: from www.RVC.CC.IL.US (www.RVC.CC.IL.US [207.142.145.2]) by
) mozart.lib.uchicago.edu (8.8.5/8.6.4) with SMTP id SAA21563 for
) <marilyn-request@mozart.lib.uchicago.edu>; Mon, 17 Nov 1997 18:30:54 -0600
) >Received: from merit.edu (166.72.5.121) by www.RVC.CC.IL.US
^^^^^^^^^^^^
) > (EMWAC SMTPRS 0.81) with SMTP id <B0000000018@www.RVC.CC.IL.US>;
) > Mon, 17 Nov 1997 18:44:02 -0600
) >Date: Mon, 17 Nov 1997 18:44:02 -0600
) >Message-ID: <B0000000018@www.RVC.CC.IL.US>
) >From: NANOG Mailing List <nanog@merit.edu>
) >Subject: subscribe
)
) In looking at this message that someone forwarded me.. It looks like the
) message originated at one of our customers web servers.. I have called
) and left messages for the sysadmins of this school.. We do not have any
) after hours numbers.
)
) Does anyone else have the bounces with headers so that I can verify or
) not that it is this customer?
)
) I will say that it is sorta ironic that I started this thread and it
) seems to be originating from one of our customers... ![:frowning: :frowning:](/images/emoji/apple/frowning.png?v=9)
It really is too bad people neglect to note that non-mainstream mail
transport agents don't necessarily report messages paths the way
mainstream ones.
root@narnia:~# host 166.72.5.121
121.5.72.166.IN-ADDR.ARPA domain name pointer slip166-72-5-121.il.us.ibm.net
root@narnia:~#
I've already contacted abuse@ibm.net and support@ibm.net about this.
Unless this is a particularly cunning individual, not only sending a fake
host name but also identifying another IP, not associated with that
hostname, so as to throw suspicion onto some other provider, I believe
it's fairly safe to say an ibm.net dialup user is the purpetrator, and
www.RVC.CC.IL.US was used solely as a mail relay.