From: Gregory Alan Bolcer (gbolcer@endtech.com)
Date: Sat Jan 20 2001 - 10:19:07 PST
Hey Marco,
I am assuming from the email that you read the message
in the FoRK archive: http://xent.ics.uci.edu/FoRK-archive/july98/0106.html
You may have also seen the Beer Broiled Spam message at:
http://xent.ics.uci.edu/FoRK-archive/july98/0302.html
In reference to machine: 1Cust237.tnt9.jacksonville.fl.da.uu.net
These are probably dialup machines set up by
UUNet. Even though it mentions Jacksonville, you
can't always assume that's where the dialup or machine
is located as some big dialup companies regionalize their
servers or even just use alphabetical naming conventions.
It's almost certain that the spammer has a non-fixed
IP, so even if you can find the traceroute to the machine,
that machine may be some other innocent dialup user who
was round-robin allocated the IP number.
If you use altavista or google, you can do a search
on +1Cust237.tnt9.jacksonville.fl.da.uu.net or just +da.uu.net
and it will show you all the various people that use uunet
as their ISP. Other than that, there's not much you can
determine without enlisting the help of the network provider.
Send the full headers to abuse@uu.net; I seem to get
a lot of spam over their lines nowadays too, but they
tend to take spamming seriously. The very least they can do
is cancel the offending account; if enough accounts are registered
and re-registered, sometimes they can determine the actual registered
user or group of users and ban them. Typically the ISP is
an unwilling participant.
If you're a little more daring, you might try collecting a little
more information through ping, traceroute, last, finger, telnet, telnet port 80,
portscan, and a whole variety of other network admin tools.
Another trick is to use the networksolutions WhoIs lookup on
some of the mail headers and send the same spam complaint to the
appropriate abuse addresses for each network provider. All network
providers don't like being identified by other network providers and
spammers, so typically, if they get a spam complaint from another,
they'll handle it very quickly.
Hope this helps,
Greg
Marco Franse wrote:
>
> Hi,
>
> I noticed your name on a forum about spam tracking and I was just
> interested to know. I've recently noticed that quite a lot
> of spam originates from the IP address 63.29.57.237. Looking this up, I came
> up with the hostname
> 1Cust237.tnt9.jacksonville.fl.da.uu.net
>
> There are of course many variations of this like:
> 1Cust51.tnt26.chi5.da.uu.net
> 1cust165.tnt1.smyrna.ga.da.uu.net
> And many others. The common denominator being the da.uu.net
>
> Being a novice at this, I have been unable to trace it to an ISP. How do I
> go about doing this from the IP and hostname?
>
> Any suggestions would be appreciated.
>
> Thanks
> Marco
>
> ICQ: 20253245
> Yahoo Messenger: ozbro
> AOL IM: ozbro2536
> http://www.angelfire.com/me2/aboutmarco
--
Gregory Alan Bolcer        | gbolcer@endtech.com    | work: 949.833.2800
Chief Technology Officer   | http://www.endtech.com | cell: 714.928.5476
Endeavors Technology, Inc. | efax: 603.994.0516     | wap: 949.278.2805
This archive was generated by hypermail 2b29 : Sun Jan 21 2001 - 04:07:18 PST
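
Added example, not part of the original messages: a Python sketch of the header check Greg describes, pulling each relay out of the Received lines, flagging reverse-DNS names that follow the dialup-pool pattern of the three hostnames Marco quotes, and deriving an abuse@ address per provider. The sample headers, the function names and the last-two-labels shortcut for the provider domain are assumptions; Received lines below the one your own mail server added can be forged, so confirm the owner with WhoIs before sending a complaint.

```python
import re
from email import message_from_string

# Constructed sample headers. Only the uu.net hostname and its IP come from
# the thread; example.* names and 192.0.2.10 are placeholders.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id CONSTRUCTED1; Sat, 20 Jan 2001 09:00:00 -0800
Received: from unknown (1Cust237.tnt9.jacksonville.fl.da.uu.net [63.29.57.237])
\tby mail.example.net with SMTP id CONSTRUCTED2; Sat, 20 Jan 2001 08:59:00 -0800
From: someone@example.com
Subject: constructed sample

body
"""

# "from <HELO name> (<reverse DNS name> [<IPv4>])" as many MTAs write it.
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")
# Pool naming modelled on the three hostnames quoted in the thread.
POOL_RE = re.compile(r"^\d+cust\d+\.tnt\d+\..*da\.uu\.net$", re.IGNORECASE)


def relay_hops(raw):
    """Return one dict per parseable Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append({"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)})
    return hops


def provider_domain(host):
    """Assumed shortcut: last two labels. Wrong for suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def complaint_targets(raw):
    """Annotate each hop with a dialup-pool flag and a candidate abuse mailbox."""
    return [
        {**hop,
         "dynamic_pool": bool(POOL_RE.match(hop["rdns"])),
         "abuse": "abuse@" + provider_domain(hop["rdns"])}
        for hop in relay_hops(raw)
    ]


if __name__ == "__main__":
    for target in complaint_targets(SAMPLE):
        print(target)
```

A hop flagged as `dynamic_pool` identifies the provider but not a subscriber, so the complaint needs the full headers with timestamps for the provider to match the address to an account.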