On Sun, Feb 03, 2002 at 02:34:46AM -0600, nanog@adns.net said:
Starting about 6am eastern time, we began getting several hundred hits per second from IP address 195.188.22.6 to our WHOIS server.
It appears that they were running a rather well endowed dictionary against the database.
Beware - these are spammers (I know the address very well). Check your logs if you have any email servers or whois databases.
This is a jerk from England who is a known fraudster.
==== [sfrancis@silverlight:~]$ whois -r 195.188.22.6 <snip> descr: Please forward abuse issues descr: to abuse@blueyonder.co.uk <snip> ==== http://help.blueyonder.co.uk/rules/aup.html If this guy is obviously spamming, or data mining in preparation for spamming, it seems that blueyonder.co.uk could be contacted to have his access yanked. Failing that, cableinet.net could be contacted to have blueyonder.co.uk yanked. Of course, you may have already tried this and received little/no cooperation. *sigh* -- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me autem minui