Re: Comment spammers chewing blogger bandwidth like crazy
Date: Sat, 13 Jan 2007 18:58:02 +0000 (GMT) From: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com> Subject: Re: Comment spammers chewing blogger bandwidth like crazy To: Thomas Leavitt <thomas@thomasleavitt.org> Cc: nanog <nanog@merit.edu>
On Sat, 13 Jan 2007, Thomas Leavitt wrote:
Why has 195.225.177.46, an IP in Ukraine, been eating a tremendous amount of bandwidth? What are they doing?
this isn't in the ukraine, it's in NYC behind ISPrime. Phil is fairly hhelpful, you might ask them to 'figure out what the heck is going on' with that ip :)
-Chris (unless the ukraine got a whole lot closer to IAD than I thought: 64 bytes from 195.225.177.46: icmp_seq=1 ttl=55 time=13.1 ms 64 bytes from 195.225.177.46: icmp_seq=2 ttl=55 time=24.5 ms
Um-m-m-m... % Information related to '195.225.176.0 - 195.225.179.255' inetnum: 195.225.176.0 - 195.225.179.255 netname: NETCATHOST descr: NetcatHosting country: UA admin-c: VS1142-RIPE tech-c: VS1142-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-HM-PI-MNT mnt-lower: RIPE-NCC-HM-PI-MNT mnt-by: NETCATHOST-MNT mnt-routes: NETCATHOST-MNT notify: vs@netcathost.com changed: hostmaster@ripe.net 20040304 source: RIPE remarks: *************************************** remarks: * Abuse contacts: abuse@netcathost.com * remarks: *************************************** person: Vsevolod Stetsinsky address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 206. phone: +38 050 6226676 e-mail: vs@netcathost.com nic-hdl: VS1142-RIPE changed: vs@netcathost.com 20040303 source: RIPE
)
--------------------------------------------------------------------- Gregory Hicks | Principal Systems Engineer Cadence Design Systems | Direct: 408.576.3609 555 River Oaks Pkwy M/S 9B1 San Jose, CA 95134 I am perfectly capable of learning from my mistakes. I will surely learn a great deal today. "A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Benjamin Franklin "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton
On Sat, 13 Jan 2007, Gregory Hicks wrote:
Date: Sat, 13 Jan 2007 18:58:02 +0000 (GMT) From: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com> Subject: Re: Comment spammers chewing blogger bandwidth like crazy To: Thomas Leavitt <thomas@thomasleavitt.org> Cc: nanog <nanog@merit.edu>
On Sat, 13 Jan 2007, Thomas Leavitt wrote:
Why has 195.225.177.46, an IP in Ukraine, been eating a tremendous amount of bandwidth? What are they doing?
this isn't in the ukraine, it's in NYC behind ISPrime. Phil is fairly hhelpful, you might ask them to 'figure out what the heck is going on' with that ip :)
-Chris (unless the ukraine got a whole lot closer to IAD than I thought: 64 bytes from 195.225.177.46: icmp_seq=1 ttl=55 time=13.1 ms 64 bytes from 195.225.177.46: icmp_seq=2 ttl=55 time=24.5 ms
Um-m-m-m...
% Information related to '195.225.176.0 - 195.225.179.255'
inetnum: 195.225.176.0 - 195.225.179.255 netname: NETCATHOST descr: NetcatHosting
yes, but 'whois info' is not often 'correct' especially in this case, traceroute to it, unless ISPrime has some time-space vortex that ip (that one of the /22) is actually in NYC. speed-o-light don't often lie...
Surprise, a spammer is operating from IPs with fake registration data. I'm shocked... NOT! Owen On Jan 13, 2007, at 11:53 AM, Gregory Hicks wrote:
Date: Sat, 13 Jan 2007 18:58:02 +0000 (GMT) From: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com> Subject: Re: Comment spammers chewing blogger bandwidth like crazy To: Thomas Leavitt <thomas@thomasleavitt.org> Cc: nanog <nanog@merit.edu>
On Sat, 13 Jan 2007, Thomas Leavitt wrote:
Why has 195.225.177.46, an IP in Ukraine, been eating a tremendous amount of bandwidth? What are they doing?
this isn't in the ukraine, it's in NYC behind ISPrime. Phil is fairly hhelpful, you might ask them to 'figure out what the heck is going on' with that ip :)
-Chris (unless the ukraine got a whole lot closer to IAD than I thought: 64 bytes from 195.225.177.46: icmp_seq=1 ttl=55 time=13.1 ms 64 bytes from 195.225.177.46: icmp_seq=2 ttl=55 time=24.5 ms
Um-m-m-m...
% Information related to '195.225.176.0 - 195.225.179.255'
inetnum: 195.225.176.0 - 195.225.179.255 netname: NETCATHOST descr: NetcatHosting country: UA admin-c: VS1142-RIPE tech-c: VS1142-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-HM-PI-MNT mnt-lower: RIPE-NCC-HM-PI-MNT mnt-by: NETCATHOST-MNT mnt-routes: NETCATHOST-MNT notify: vs@netcathost.com changed: hostmaster@ripe.net 20040304 source: RIPE remarks: *************************************** remarks: * Abuse contacts: abuse@netcathost.com * remarks: ***************************************
person: Vsevolod Stetsinsky address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 206. phone: +38 050 6226676 e-mail: vs@netcathost.com nic-hdl: VS1142-RIPE changed: vs@netcathost.com 20040303 source: RIPE
)
--------------------------------------------------------------------- Gregory Hicks | Principal Systems Engineer Cadence Design Systems | Direct: 408.576.3609 555 River Oaks Pkwy M/S 9B1 San Jose, CA 95134
I am perfectly capable of learning from my mistakes. I will surely learn a great deal today.
"A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Benjamin Franklin
"The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton
Hi Owen, What makes you think that the registration is fake? Just curious. :-) Pierre. On 1/13/07, Owen DeLong <owen@delong.com> wrote:
Surprise, a spammer is operating from IPs with fake registration data. I'm shocked... NOT!
Owen
On Jan 13, 2007, at 11:53 AM, Gregory Hicks wrote:
Date: Sat, 13 Jan 2007 18:58:02 +0000 (GMT) From: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com> Subject: Re: Comment spammers chewing blogger bandwidth like crazy To: Thomas Leavitt <thomas@thomasleavitt.org> Cc: nanog <nanog@merit.edu>
On Sat, 13 Jan 2007, Thomas Leavitt wrote:
Why has 195.225.177.46, an IP in Ukraine, been eating a tremendous amount of bandwidth? What are they doing?
this isn't in the ukraine, it's in NYC behind ISPrime. Phil is fairly hhelpful, you might ask them to 'figure out what the heck is going on' with that ip :)
-Chris (unless the ukraine got a whole lot closer to IAD than I thought: 64 bytes from 195.225.177.46: icmp_seq=1 ttl=55 time=13.1 ms 64 bytes from 195.225.177.46: icmp_seq=2 ttl=55 time=24.5 ms
Um-m-m-m...
% Information related to '195.225.176.0 - 195.225.179.255'
inetnum: 195.225.176.0 - 195.225.179.255 netname: NETCATHOST descr: NetcatHosting country: UA admin-c: VS1142-RIPE tech-c: VS1142-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-HM-PI-MNT mnt-lower: RIPE-NCC-HM-PI-MNT mnt-by: NETCATHOST-MNT mnt-routes: NETCATHOST-MNT notify: vs@netcathost.com changed: hostmaster@ripe.net 20040304 source: RIPE remarks: *************************************** remarks: * Abuse contacts: abuse@netcathost.com * remarks: ***************************************
person: Vsevolod Stetsinsky address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 206. phone: +38 050 6226676 e-mail: vs@netcathost.com nic-hdl: VS1142-RIPE changed: vs@netcathost.com 20040303 source: RIPE
)
--------------------------------------------------------------------- Gregory Hicks | Principal Systems Engineer Cadence Design Systems | Direct: 408.576.3609 555 River Oaks Pkwy M/S 9B1 San Jose, CA 95134
I am perfectly capable of learning from my mistakes. I will surely learn a great deal today.
"A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Benjamin Franklin
"The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton
participants (4)
-
Chris L. Morrow
-
Gregory Hicks
-
Owen DeLong
-
Pierre Baume