To report smurfs in a more automated fashion we need a utility that'll take an IP number as input and then return email adresses from the arin/ripe whois database. I guess this can be done an an hour or five :) but I wonder if someone already has done this and would consider posting it here or to me privately? I was also pondering if mail should be sent to upstream providers or not, for instance, if one of netcoms customers was a smurf intermediate, doing a whois on their /24 would reveal both them and netcom, should an email be sent to both? I think this would be a good thing the way things are run here in Europe (when the ISP often owns the router placed at the customers location) but I dont know how it is run over over there so perhaps someone could enlighten me and give me an opinion? ----- Mikael Abrahamsson email: swmike@swm.pp.se
On Mon, Jun 08, 1998 at 09:38:41AM +0200, Mikael Abrahamsson wrote: | To report smurfs in a more automated fashion we need a utility that'll | take an IP number as input and then return email adresses from the | arin/ripe whois database. I guess this can be done an an hour or five :) | but I wonder if someone already has done this and would consider posting | it here or to me privately? ipw. I love it. Return-Path: <owner-spam-l@PEACH.EASE.LSOFT.COM> X-Copyright: (c) 1997 Ronald F. Guilmette; All rights reserved. Message-ID: <4546.895266008@monkeys.com> Date: Fri, 15 May 1998 14:00:08 -0700 Reply-To: rfg@monkeys.com Sender: Spam Prevention Discussion List <SPAM-L@PEACH.EASE.LSOFT.COM> From: "Ronald F. Guilmette" <spam-l@monkeys.com> Subject: SPAM COMPLAINERS TOOL: IPW v1.2 released (web interface also available) To: SPAM-L@PEACH.EASE.LSOFT.COM Status: RO Content-Length: 8398 Lines: 149 I have created a small utility program which can be a useful aid whenever you are attempting to find the ARIN/RIPE/APNIC registration record for a given IP address. In particular, this program, called `ipw' (IP whois) may be particularly useful when trying to find the E-mail addresses of the regis- tered owners/administrators of a given IP address which contains either the original source IP address of a given spam message or the IP address of some mail server through which a spam message has been relayed or the IP address of a spammed-for web site. Finding the correct E-mail address to send a complaint to which relates to a given IP address used to be a rather time-consuming task, because you would often have to look at all three of the IP address registration data bases (i.e. ARIN, RIPE, APNIC) and/or you would have to perform multiple queries on the ARIN data base in order to get the complete record for just the specific IP address block of interest. The `ipw' utility greatly simplifies the task of finding the most relevant (i.e. smallest containing) IP address block registration record for a given IP address by automating the otherwise tedious search process. ipw will make queries on the ARIN, RIPE, and APNIC data bases, as necessary (and may perhaps make multiple queries in the case of the ARIN data base) in order to find the more relevant IP address regis- tration record for the IP address you give it as a command line argument. (Note that the registration record, once found, will usually contain one or more E-mail addresses corresponding to the registered owner(s) of the IP address block in question, and complaints about spammish activities relating to that IP address block can be, and probably should be sent to those ad- dresses.) ANSI/ISO C source code for the ipw.c program may be found in the directory: http://www.e-scrub.com/ipw/ along with a suitable Makefile for the program. (Note that the program is really only designed to run on UNIX, so if you want to port it to some other operating system, I will wish you luck but I will also tell you that you are basically on your own.) Following the initial release of the 1.0 version of ipw, many fatal bugs were found and fixed, and the current version number is 1.2. Marty Bower <marty@mjhb.com> was kind enough to put put a nice friendly web- based interface to my `ipw' program, and it can be found at: http://mjhb.marina-del-rey.ca.us/cgi-bin/ipw.pl Please try it out. Both Marty and I believe that you will find it quite useful when trying to find appropriate E-mail addresses to send spam com- plaints to. One final note... Styles and methods of complaining about spam vary widely, however I think it is worth a minute or two to explain why this program in particular should be used by all persons who regularly complain about spam. The primary reason for using this program to find E-mail addresses to com- plain to is that it will help you to find some address to send complaints to where the recipients might actually give a damn about your complaint. Many people who complain about spam do so in a rather naive and misguided fashion. They get a spam from (for example) `mail.porno-king.com' or else they get a spam promoting the web site `www.porno-king.com' and they promptly proceed to send a spam complaint nastygram to <postmaster@porno-king.com>. Well guess what folks? 9 times out of 10, <postmaster@porno-king.com> *is* the spammer, and he will just throw your complaint into the bit-bucket, or worse, he will wait until late Fraday night when all of the system admini- strators have left for the weekend and then he will mailbomb the hell out of you in retaliation for you having had the audacity to complain about his spamming. The essence of intelligent spam complaining is to find someone who might actually behave responsibly when sent a spam complaint. Finding such people is actually rather easy. You just need to find someone who has more than a trivial/modest investment in his/her Internet resources. A spammer who has one little old Windoze box on one IP address and who has one domain name (e.g. porno-king.com) has almost no real investment in his setup and he can pull up his stakes and move on to greener pastures at a moment's notice. Not so for people who own entire IP address blocks of at least 256 addresses or more. These people tend to be the responsible ones and the ones who really don't like it when they find out that one of their customers is spamming. That is where the `ipw' utility comes in. It lets you find the E-mail address of the person who is responsible for the entire containing IP address block. Often, when the postmaster of the offending domain is unresponsive, the postmaster or registered contain address for the relevant IP address block *will* be responsive and *will* take action. So just to be on the safe side, I for one _always_ complain _both_ to the postmaster and registered contact addresses for the offending domain _and_ also to the postmaster and registered contact addresses for the IP address block which contains the IP address of the offending machine. Doing both gives me pretty good kill statistics, and I hope it will do so for you also. Two other notes... First, although ipw's job is really only to looking registration records for specific *IP addresses* it _will_ allow you to input a domain name as the search key. But don't be confused! When and if you do this, ipw will just do the equivalent of an `nslookup' on the domain name you give it (thus find- ing the corresponding IP address for that domain name) and then it will just do what it normally does, i.e. looking up the *IP address registration* for that IP address. Remember that there is a whole separate and parallel uni- verse of ``name oriented'' registration records (mostly stored in the Internic data base) that you can (and should) do lookups on also when trying to find places to complain about spam. A good place to do _these_ ``name oriented'' lookups is: http://www.allwhois.com/ Someday I hope to build something similar to the serach facility that is already available at www.allwhois.com (but with a simpler interface) but that is quite a ways off yet. My final note about the `ipw' utility is that in its current incarnation it makes no real efforts to tell you the exactly right place to send a complant, i.e. the place where you might have the greatest hope of getting a favorable response/outcome. In particular, there are still several big-time spamming companies on the net (e.g. Harris Marketing, Digital Intertainment, Ameriweb aka Linkus) that have their own IP address blocks and so if you do lookups using `ipw', the printed results may sometimes just show you the registration recoords for one of these annoying parasites. I hope to fix that in a later version of `ipw' but you will have to just struggle along for now and keep abrest of where and who the current well-known big-time spammers are. Aw heck... I just remembered one more important footnote about ipw. The output of ipw comes in two different formats... one format if the regis- tration records is found in the ARIN data base and a totally different format if the registration record is found in the RIPE or APNIC data bases. In the latter case, the records printed may show a whole lot of different E-mail addresses, *but* you will only be interested in the ones that appear on lines prefixed by the string "e-mail:". Those are the only ones that definitely belong to the people who own the relevant IP address block. Other E-mail addresses may appear in the registration record, but you should ignore those because they may just belong to whoever last modified the record in the data base, and that might have been someone unrelated to the actual owner of the IP address block in question. That's all. I hope you all make good use of this utility. Go yea forth and get those spammers! P.S. My sincere thanks to Marty Bower for putting together the web-based in- terface for ipw. That really makes it might more accessible for the general online public. -- Ron Guilmette, Roseville, California ---------- E-Scrub Technologies, Inc. -- Deadbolt(tm) Personal E-Mail Filter demo: http://www.e-scrub.com/deadbolt/ -- Wpoison (web harvester poisoning) - demo: http://www.e-scrub.com/wpoison/
participants (2)
-
Doug McLaren -
Mikael Abrahamsson