I've sent two messages to helpdesk.giasbm01.vsnl.net.in and to [EMAIL PROTECTED]
and to various other contacts associated with the IP address -- one the first
time it happened (when it went to the list and then within 5 minutes of my
posting a warning about it one was sent to me directly), and one last night.
The messages have basically said "please track down this user and terminate his
account or at least let him know he's spreading a virus". I've received no
response whatsoever to my requests.
Regards,
Eric Longman
Atl-Connect Internet Services
Quoting "J. Scott Schiller" <[EMAIL PROTECTED]>:
> While it probably can't hurt to drop a line, doesn't it
> seem plausible that the virus was passed out of an address
> book without the owner even knowing?
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Merlin
> Sent: Friday, November 17, 2000 12:23 AM
> To: opensrs-discuss
> Subject: On the trail of that pesky Virus Poster.
>
>
> and dont say it's nothing to do with this list......
>
> The Header: (the interesting part anyway)
> ==============
> X-Authentication-Warning: opensrs.org: majordomo set sender to
> [EMAIL PROTECTED] using -f
> Received: from bom3.vsnl.net.in (bom3.vsnl.net.in [202.54.4.24])
> by opensrs.org (8.9.3/8.9.3) with ESMTP id AAA23481
> for <[EMAIL PROTECTED]>; Fri, 17 Nov 2000 00:37:43 -0500
> Received: from default (unknown [203.197.52.124])
> by bom3.vsnl.net.in (Postfix) with SMTP id 20A102AEE
> for <[EMAIL PROTECTED]>; Fri, 17 Nov 2000 11:07:04 +0530 (IST)
> From: Hahaha <[EMAIL PROTECTED]>
> Subject: Snowhite and the Seven Dwarfs - The REAL story!
> =====================
>
> $ ping 203.197.52.124
> PING 203.197.52.124 (203.197.52.124): 56 data bytes
> 64 bytes from 203.197.52.124: icmp_seq=1 ttl=108 time=1860.361 ms
> 64 bytes from 203.197.52.124: icmp_seq=2 ttl=108 time=2190.421 ms
> 64 bytes from 203.197.52.124: icmp_seq=3 ttl=108 time=1810.393 ms
>
> So the turkey is home....
>
> Lets see where he comes from.
>
> $ dig -x 203.197.52.124
> ;; 124.52.197.203.in-addr.arpa, type = ANY, class = IN
>
> ;; AUTHORITY SECTION:
> 197.203.IN-ADDR.ARPA. 2h34m30s IN SOA dns.vsnl.net.in.
> helpdesk.giasbm01.vsnl
> .net.in. (
>
> $ whois giasbm01.vsnl.net.in
>
> Server Name: GIASBM01.VSNL.NET.IN
> IP Address: 202.54.1.18
> Registrar: NETWORK SOLUTIONS, INC.
> Whois Server: whois.networksolutions.com
> Referral URL: www.networksolutions.com
>
>
> So I'd say a polite message to [helpdesk.giasbm01.vsnl.net.in] giving
> them
> the IP and name of the offender may do it.
> Others may be able to obtain even more detailed info about the
> particular
> host....
>
> Bob
>
>
>
>
>
>
