Jan, 153.35.0.0/16, 153.36.0.0/16, 153.37.0.0/16 *all* belong to UU.NET and are used for multiple nationwide ISP dialups. Send mail to abuse@uu.net, and consider blocking these prefixes from connecting to your SMTP servers. Jay Stewart Vice President Olympia Networking Services - "Olympia's Premier ISP" Phone (360) 753.3636 Fax (360) 357.6160 http://www.olywa.net --------------------- C:\>whois -h whois.arin.net 153.37.0.0 UUNET Technologies, Inc. (NET-UUNETCUSTB37) 3060 Williams Drive Fairfax, VA 22031 Netname: UUNETCUSTB37 Netnumber: 153.37.0.0 Coordinator: Uunet, AlterNet - Technical Support (OA12-ARIN) help@UUNET.UU.NET +1 (800) 900-0241 Alternate Contact: UUNET Postmaster (UUPM-ARIN) postmaster@uunet.uu.net 703-206-5440 Domain System inverse mapping provided by: HUGIN.UU.NET 153.39.242.112 MUNIN.UU.NET 153.39.242.113 AUTH60.NS.UU.NET 198.6.2.181 Record last updated on 21-May-97. Database last updated on 8-May-98 16:08:58 EDT. The ARIN Registration Services Host contains ONLY Internet Network Information: Networks, ASN's, and related POC's. Please use the whois server at rs.internic.net for DOMAIN related Information and nic.ddn.mil for MILNET Information. -----Original Message----- From: Jan Czmok <czmok@ipf.de> To: nanog@merit.edu <nanog@merit.edu> Date: Monday, May 11, 1998 9:19 AM Subject: Spam .. Find the sender !
Hi!
We got some spam mail from
Received: from 1cust151.tnt1.tampa.fl.da.uu.net (HELO byte007) (153.37.184.151) by relay.ipf.net with SMTP; 10 May 1998 04:47:58 -0000
and i cannot query the database (arin , ripe or radb) for the owner of this network. Any hints ?
If we can find the sender, then we go for a hunt against this spammers.
So far...
Greetings
Jan Czmok IPF.NET NOC
more headers :
Return-Path: hioqibua38@msn.com
Delivery-Date: Sun May 10 04:48:03 1998 Received: (qmail 26693 invoked from network); 10 May 1998 04:48:03 -0000 Received: from claven.cse.psu.edu (HELO cse.psu.edu) (130.203.3.50) by finch.cse.psu.edu with SMTP; 10 May 1998 04:48:03 -0000 Received: from relay.ipf.net (relay.ipf.net [195.88.0.13]) by cse.psu.edu (8.8.8/8.7.3) with SMTP id AAA21505 for <0000@0000.cs.psu.edu>; Sun, 10 May 1998 00:48:02 -0400 (EDT) Date: Sun, 10 May 1998 00:48:02 -0400 (EDT) From: hioqibua38@msn.com Received: (qmail 13706 invoked from network); 10 May 1998 04:47:58 -0000 Received: from 1cust151.tnt1.tampa.fl.da.uu.net (HELO byte007) (153.37.184.151) by relay.ipf.net with SMTP; 10 May 1998 04:47:58 -0000 To: hioqibua38@msn.com Comments: Authenticated sender is <hioqibua38@msn.com> Errors-To: shadow007@hotmail.com Subject: DO YOU KNOW HIS OR HER BACKGROUND??? Message-Id: <199805103688SAA3125@post.ipf.net>
[ On Mon, May 11, 1998 at 09:27:50 (-0700), Jay Stewart wrote: ]
Subject: Re: Spam .. Find the sender !
153.35.0.0/16, 153.36.0.0/16, 153.37.0.0/16 *all* belong to UU.NET and are used for multiple nationwide ISP dialups. Send mail to abuse@uu.net, and consider blocking these prefixes from connecting to your SMTP servers.
Can anyone confirm that the entirety of these /16 networks (i.e. NET-UUNETCUSTB35, NET-UUNETCUSTB36, and NET-UUNETCUSTB37) are all used for dial-up by UUNET? Are there any more? I'd love to add them to my TCP Wrappers config, but since I publish that list I'd like to know with a bit more certainty than just "I heard it on NANOG".... I wish all dial-up providers would use an easily recognizable (by TCP Wrappers) subdomain for their dial-up port PTRs, and that they'd all co-operatively publish these domain names in some common place..... My current list of such subdomains is available down at the end of: http://www.robohack.planix.com/~woods/hosts.allow.txt -- Greg A. Woods +1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
participants (2)
-
Jay Stewart -
woods@most.weird.com