Anyhow, just put the domain in your blocks list and move on. But also note that blocking a whole /18 on the fact that one domain was registered with them on their dns records.. is, well.. I guess I have not been on the list to make any assertions like that, but you get the idea.
Chris
Larry Price wrote:
I know I've tried it many times.
On Wednesday, February 4, 2004, at 10:08 PM, T. Joseph Carter wrote:
While all of this is simple and obvious, I'm surprised that Chris actually bothered to mail all of the homework. He has friends at ev1 and *ahem* someone here at UO has blocked apparently the /18 containing ev1 from sending mail to anyone here at the university.
Klingon Mail Administrator, mmmm.
Anyway, our spammer is running an NT box which is relatively wide open. That's more than I bothered to look into, but the knowledge might be useful to someone who is bored I guess. ;)
Uh no, it's not a good idea. If you want to break into boxes, set up a lab and do your worst, to boxes that you own. Fscking around the internet like that is a sure way to get a visit from men in suits driving Ford Broncos w/ government plates.
Chris:
On that note, I would not take any kind of connotations from the fact that the domain name has ev1servers.net in its whois as contact information. This is a very poor way of finding out what is actually going on here. So instead, I did some investigating: <snip of data trawl>
I stopped doing this type of investigation during work hours some time ago. It's not worth it.
The only thing ev1servers has to do with this is that it is the registrar. Obviously the other contact info is not legit either. You can report domains on that, but I fail to remember where. And if it is legit, well.. you guys can figure out what to do to someone who spams a linux user group's email addy :D.
Even if you did track this one down, there's a hundred others waiting to take their place.
Remember that spammers are criminals, and given the nature of the thing it's quite possible that an NT4.0 box with radmind on it has been 0wnz0red for some time.
So if you were truly wanting to track down the spammer to its lair, what Chris produced is basically just the first link in the chain.
The next step is a traceroute:
traceroute to 211.152.14.68 (211.152.14.68), 64 hops max, 40 byte packets
1 router.willamette.net (207.189.128.254) 191.555 ms 0.927 ms 0.442 ms
2 fe1-0-120.gw1.eug.or.uspops.net (216.239.169.121) 0.772 ms 1.037 ms 1.106 ms
3 fe1-0.gw0.eug.or.uspops.net (216.239.168.2) 0.806 ms 1.307 ms 1.254 ms
4 t3-1-3-1.ar2.SEA1.gblx.net (67.17.210.245) 6.229 ms 6.624 ms 11.393 ms
5 pos10-0-2488M.cr1.SEA1.gblx.net (67.17.71.182) 8.750 ms pos10-0-2488M.cr2.SEA1.gblx.net (67.17.71.186) 6.184 ms 6.655 ms
6 so1-1-0-2488M.ar1.SJC2.gblx.net (67.17.64.65) 26.229 ms 26.747 ms 26.826 ms
7 208.50.13.94 (208.50.13.94) 33.606 ms 34.630 ms 33.449 ms
8 sl-bb25-sj-2-0.sprintlink.net (144.232.9.241) 33.983 ms 34.521 ms 34.440 ms
9 sl-bb23-ana-6-0.sprintlink.net (144.232.20.158) 33.374 ms 33.525 ms 33.281 ms
10 sl-gw23-ana-10-0.sprintlink.net (144.232.1.154) 33.169 ms 33.468 ms 33.277 ms
11 sl-chinnet-5-0.sprintlink.net (144.228.173.250) 266.007 ms sl-chinnet-4-0.sprintlink.net (160.81.244.170) 335.781 ms 334.550 ms
12 219.158.3.13 (219.158.3.13) 264.621 ms 252.260 ms 338.848 ms
13 202.96.12.38 (202.96.12.38) 460.666 ms 397.604 ms 480.835 ms
14 202.106.193.170 (202.106.193.170) 392.369 ms 479.602 ms *
15 202.106.193.206 (202.106.193.206) 468.088 ms 470.592 ms 388.166 ms
16 210.74.174.178 (210.74.174.178) 557.688 ms 480.228 ms 469.898 ms
17 bb64-hq-1-0.a-1.net (210.77.139.177) 471.201 ms 546.145 ms 542.015 ms
18 210.77.139.246 (210.77.139.246) 543.270 ms 524.198 ms 540.524 ms
19 echeckservice.com (211.152.14.68) 548.556 ms * 454.163 ms
I would say your best bet is finding a friendly and influential Chinese net.guru, though probably not this person:
Domain name: echeckservice.com
Registrant Contact: New Jiangnan Inc. Xiaoma Wang [EMAIL PROTECTED] 0086-571-88855239 fax: 0086-571-88855232 9A WeiXing Building.No.252 Wensan Road. Hangzhou Zhejiang 310012 cn
Administrative Contact: Xiaoma Wang [EMAIL PROTECTED] 0086-571-88855239 fax: 0086-571-88855232 9A WeiXing Building.No.252 Wensan Road. Hangzhou Zhejiang 310012 cn
Technical Contact: Xiaoma Wang [EMAIL PROTECTED] 0086-571-88855239 fax: 0086-571-88855232 9A WeiXing Building.No.252 Wensan Road. Hangzhou Zhejiang 310012 cn
Billing Contact: Xiaoma Wang [EMAIL PROTECTED] 0086-571-88855239 fax: 0086-571-88855232 9A WeiXing Building.No.252 Wensan Road. Hangzhou Zhejiang 310012 cn
DNS: ns1.dnsmadeeasy.com ns3.dnsmadeeasy.com
Created: 2003-11-03 Expires: 2004-11-03
--
Metaphors for system administration -----------------------------------------------
bailing the titanic with paper cups: or polishing the deck chairs thereof
steering an iceberg with a broom: nonexciting challenges await you
capturing runaway bulldozers: once is chance, twice coincidence, ...
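To make the hop-by-hop reading of the traceroute above reproducible, here is an added Python parser (my example, not code from anyone in the thread). It copes with the two things a naive line split gets wrong in that output, a TTL answered by two different routers (hops 5 and 11) and timed-out probes printed as "*", and then reports the hop where the best round-trip time jumps most, which on this trace is the Sprintlink hand-off into China at hop 11. The sample is a subset of the posted trace; the helper names are mine.

```python
import re
from dataclasses import dataclass

# Subset of the traceroute posted in the thread, chosen to include the awkward
# cases: two routers answering at one TTL (hops 5, 11) and "*" timeouts (14, 19).
SAMPLE = """\
traceroute to 211.152.14.68 (211.152.14.68), 64 hops max, 40 byte packets
1 router.willamette.net (207.189.128.254) 191.555 ms 0.927 ms 0.442 ms
5 pos10-0-2488M.cr1.SEA1.gblx.net (67.17.71.182) 8.750 ms pos10-0-2488M.cr2.SEA1.gblx.net (67.17.71.186) 6.184 ms 6.655 ms
10 sl-gw23-ana-10-0.sprintlink.net (144.232.1.154) 33.169 ms 33.468 ms 33.277 ms
11 sl-chinnet-5-0.sprintlink.net (144.228.173.250) 266.007 ms sl-chinnet-4-0.sprintlink.net (160.81.244.170) 335.781 ms 334.550 ms
14 202.106.193.170 (202.106.193.170) 392.369 ms 479.602 ms *
19 echeckservice.com (211.152.14.68) 548.556 ms * 454.163 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"(\S+) \((\d+(?:\.\d+){3})\)")
PROBE_RE = re.compile(r"(\d+(?:\.\d+)?) ms|\*")   # group 1 is '' for a "*"

@dataclass
class Hop:
    ttl: int
    addrs: list   # (hostname, ip) pairs that answered at this TTL
    rtts: list    # RTTs in ms from probes that got a reply
    lost: int     # probes that timed out

def parse_traceroute(text):
    """Parse BSD/Linux-style traceroute output into a list of Hop records."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:                      # header line or blank line
            continue
        ttl, rest = int(m.group(1)), m.group(2)
        probes = PROBE_RE.findall(rest)
        hops.append(Hop(ttl, ADDR_RE.findall(rest),
                        [float(p) for p in probes if p], probes.count("")))
    return hops

def largest_jump(hops):
    """Return (ttl, delta_ms) for the hop whose best RTT rose most over the
    previous responding hop. Min RTT is used because a single slow probe
    (hop 1 above) is noise; a big jump marks a long-haul transit leg."""
    best, prev = (None, 0.0), None
    for h in hops:
        if not h.rtts:
            continue
        cur = min(h.rtts)
        if prev is not None and cur - prev > best[1]:
            best = (h.ttl, cur - prev)
        prev = cur
    return best

def destination(hops):
    """Hostname the last responding hop resolved to."""
    return hops[-1].addrs[0][0] if hops and hops[-1].addrs else None
```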
_______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
