Spam .. Find the sender !

Hi!

We got some spam mail from

Received: from 1cust151.tnt1.tampa.fl.da.uu.net (HELO byte007)
  (153.37.184.151)
  by relay.ipf.net with SMTP; 10 May 1998 04:47:58 -0000

and I cannot query the database (ARIN, RIPE or RADB) for the owner of
this network.
Any hints?

If we can find the sender, then we go for a hunt against these spammers.

So far...

Greetings

Jan Czmok
IPF.NET NOC

more headers :

Return-Path: hioqibua38@msn.com
Delivery-Date: Sun May 10 04:48:03 1998
Received: (qmail 26693 invoked from network); 10 May 1998 04:48:03 -0000
Received: from claven.cse.psu.edu (HELO cse.psu.edu) (130.203.3.50)
  by finch.cse.psu.edu with SMTP; 10 May 1998 04:48:03 -0000
Received: from relay.ipf.net (relay.ipf.net [195.88.0.13]) by
  cse.psu.edu (8.8.8/8.7.3) with SMTP id AAA21505 for
  <0000@0000.cs.psu.edu>; Sun, 10 May 1998 00:48:02 -0400 (EDT)
Date: Sun, 10 May 1998 00:48:02 -0400 (EDT)
From: hioqibua38@msn.com
Received: (qmail 13706 invoked from network); 10 May 1998 04:47:58 -0000
Received: from 1cust151.tnt1.tampa.fl.da.uu.net (HELO byte007)
  (153.37.184.151)

I debated posting this to this list instead of mailing it privately,
but I decided the response had some pedagogical value, for some folks,
anyway (and y'all who needed to know this are invited to write
privately and tell me so, so I have some ammo when randy and jhawk jump
my shit. :-)

The .uu.net on the lookup implies that the port belongs, physically, to
UUnet; the tnt1 means it's a dialup port on the Tampa, Florida, POP,
which is an Ascend MAX TNT.

You'll have to send it to uunet, to find out which of their lessees'
customers it is, they should be able to look it up in radius logs,
based on the entire headers in the message.

Note that you may have to explicitly point out to them that you _know_
it may not be their customer, and that you also know that they _can_
look up whose customer it _is_ and forward the report along --
otherwise they've demonstrated a disturbing habit in the past of
playing dumb, at least with me.

I believe the proper address is abuse@uu.net, unless a DOS attack or
something criminal appears to be involved, in which case, send it to
security@uu.net.

Cheers,
-- jra
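The tracing step the two posts above describe (walk the Received: chain back to the hop your own relay stamped, then read the UUNET dialup hostname), as an added example that is not part of the original thread. It parses the headers Jan quoted (embedded below as a constructed sample), handles both the qmail and the sendmail Received: formats that appear in them, flags the HELO/reverse-DNS mismatch at the origin hop, and decomposes the dialup hostname. The label layout (port, NAS, city, state) and the `tnt` = Ascend MAX TNT mapping are assumptions taken from jra's reply, not a documented UUNET naming scheme.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the headers quoted in the post, in header order
# (MTAs prepend, so the bottom Received: line is the oldest hop).
SAMPLE_HEADERS = """\
Return-Path: hioqibua38@msn.com
Received: (qmail 26693 invoked from network); 10 May 1998 04:48:03 -0000
Received: from claven.cse.psu.edu (HELO cse.psu.edu) (130.203.3.50)
  by finch.cse.psu.edu with SMTP; 10 May 1998 04:48:03 -0000
Received: from relay.ipf.net (relay.ipf.net [195.88.0.13]) by
  cse.psu.edu (8.8.8/8.7.3) with SMTP id AAA21505 for
  <0000@0000.cs.psu.edu>; Sun, 10 May 1998 00:48:02 -0400 (EDT)
Date: Sun, 10 May 1998 00:48:02 -0400 (EDT)
From: hioqibua38@msn.com
Received: (qmail 13706 invoked from network); 10 May 1998 04:47:58 -0000
Received: from 1cust151.tnt1.tampa.fl.da.uu.net (HELO byte007)
  (153.37.184.151)
  by relay.ipf.net with SMTP; 10 May 1998 04:47:58 -0000
"""


@dataclass
class Hop:
    rdns: Optional[str]  # name the receiving MTA got from reverse DNS
    helo: Optional[str]  # name the client announced in HELO
    ip: Optional[str]    # peer address as seen by the receiving MTA
    by: Optional[str]    # the MTA that wrote this stamp


def unfold(raw: str) -> List[str]:
    """Join RFC 822 folded continuation lines (those starting with whitespace)."""
    lines: List[str] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line.rstrip())
    return lines


IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# qmail style:    from <rdns> (HELO <helo>) (<ip>)
QMAIL = re.compile(r"from\s+(\S+)\s+\(HELO\s+(\S+)\)\s+\(" + IP + r"\)")
# sendmail style: from <helo> (<rdns> [<ip>])
SENDMAIL = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[" + IP + r"\]\)")
BY = re.compile(r"\bby\s+(\S+)")


def parse_received(value: str) -> Hop:
    """Extract rdns/helo/ip/by from one unfolded Received: value."""
    rdns = helo = ip = None
    m = QMAIL.search(value)
    if m:
        rdns, helo, ip = m.group(1), m.group(2), m.group(3)
    else:
        m = SENDMAIL.search(value)
        if m:
            helo, rdns, ip = m.group(1), m.group(2), m.group(3)
    b = BY.search(value)
    return Hop(rdns, helo, ip, b.group(1) if b else None)


def received_chain(raw: str) -> List[Hop]:
    """All Received: stamps, newest first, as they sit in the header block."""
    return [parse_received(line[len("Received:"):])
            for line in unfold(raw) if line.lower().startswith("received:")]


def origin_hop(raw: str) -> Optional[Hop]:
    """Oldest stamp that records a peer IP. Only trust it as far as the MTA that
    wrote it: stamps below the first relay you control can be forged by the sender."""
    for hop in reversed(received_chain(raw)):
        if hop.ip:
            return hop
    return None


def helo_mismatch(hop: Hop) -> bool:
    """True when the announced HELO name is neither the reverse-DNS name nor a parent of it."""
    if not hop.helo or not hop.rdns:
        return False
    return not (hop.helo == hop.rdns or hop.rdns.endswith("." + hop.helo))


def describe_dialup_host(rdns: str) -> Dict[str, str]:
    """Assumed label layout of a UUNET dialup reverse-DNS name, inferred from the reply:
    <customer-port>.<nas>.<city>.<state>.<region>.uu.net. A 'tnt' NAS label is read as
    an Ascend MAX TNT, again per the reply. Names not under uu.net yield {}."""
    labels = rdns.lower().split(".")
    if labels[-2:] != ["uu", "net"] or len(labels) < 6:
        return {}
    port, nas, city, state = labels[:4]
    return {"provider": "uu.net", "port": port, "nas": nas, "city": city,
            "state": state, "nas_type": "Ascend MAX TNT" if nas.startswith("tnt") else "unknown"}


if __name__ == "__main__":
    hop = origin_hop(SAMPLE_HEADERS)
    print("origin:", hop)
    print("HELO/rDNS mismatch:", helo_mismatch(hop))
    print("dialup port:", describe_dialup_host(hop.rdns))
```

Running it on the sample yields the hop relay.ipf.net stamped (153.37.184.151, HELO byte007, rDNS 1cust151.tnt1.tampa.fl.da.uu.net), the mismatch flag set, and the decomposition port 1cust151 / NAS tnt1 / tampa / fl. Everything beneath relay.ipf.net in a real message should be treated as sender-supplied; here it is the first stamp, so the IP and timestamp come from Jan's own relay and are what the abuse report to UUNET should quote, since the RADIUS lookup jra mentions keys on that address and time.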

Jan,

  Looks like a UUnet dialup user to me. I'd say call UUnet's NOC,
find out to whom this dialup was resold (e.g. Mindspring, Earthlink,
etc...) and give them a call. Good luck.

  Blake Willis
  CAIS Engineering

And if the NOC actually provides that info, please drop me a line. Their
abuse people keep telling us on SPAM-L that their legal VP won't let
them release the names of the resellers using the POPs. If there's a way
around that... it'd be most handy...

Mr. Spammer, meet Mr. Mallet...

Dean Robb
PC-Easy
On-site computer services
(757) 495-EASY [3279]

FYI, MindSpring does not use UUNet dialups.

Brandon Ross Network Engineering 404-815-0770 800-719-4664
Director, Network Engineering, MindSpring Ent., Inc. info@mindspring.com
AOL Instant Messenger: Brandon NR ICQ: 2269442

Stop Smurf attacks! Configure your router interfaces to block directed
broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.

I don't expect them to release it to _me_, but if they refuse to pursue
the spam problem with _their_ customer, whom they _can identify_, then,
well... maybe it's time for someone to threaten
president@whitehouse.gov via a leased UUnet dialup...

Cheers,
-- jra

I'm sure it's happened already.

You realize this is enough to prompt a call by the secret service...

;-)

Don't encourage the clueless, else they might actually do something like that.

    --Dean

Forgive me, of course you're right, and I knew that; it's been a bad
week.

Cheers,
-- jra

>well... maybe it's time for someone to threaten
>president@whitehouse.gov via a leased UUnet dialup...

>You realize this is enough to prompt a call by the secret service...

To _me_? What I said wasn't a threat, cannot be construed as a threat,
nor even an incitement to _make_ a threat, as I wasn't directing it
_to_ anyone.

>;-)

SS people don't smile. It's in the handbook, page 6.

>Don't encourage the clueless, else they might actually do something like that.

Not my problem.

Cheers,
-- jra

Hi,

>well... maybe it's time for someone to threaten
>president@whitehouse.gov via a leased UUnet dialup...

>You realize this is enough to prompt a call by the secret service...
>Don't encourage the clueless, else they might actually do something like
>that.

As a person who has been getting a call and/or email from the US Secret
Service, the FBI, the NCIS, and probably the CIA (but if they told me,
they'd have to kill me of course), every other week, I'll just say the
clueless don't need encouragement (also, it'd be nice if someone in the US
gov't could read the little lines that say "check the APNIC database before
contacting APNIC". But then again, why should the US Gov't be any
different than the people in the US?)

Regards,
-drc