fwd: contact for the world etc (nanog)
Oki all, FYI Eric ------- Forwarded Message Return-Path: bzs@world.std.com Delivery-Date: Tue Dec 14 15:07:09 2004 Return-Path: <bzs@world.std.com> Received: from TheWorld.com (pcls3.std.com [192.74.137.143]) by nic-naa.net (8.13.1/8.13.1) with ESMTP id iBEF78Cm009901 for <brunner@nic-naa.net>; Tue, 14 Dec 2004 15:07:08 GMT (envelope-from bzs@world.std.com) Received: from world.std.com (root@world-e.std.com [69.38.147.5]) by TheWorld.com (8.12.8p1/8.12.8) with ESMTP id iBEJ4rW5012319; Tue, 14 Dec 2004 14:04:53 -0500 Received: (from bzs@localhost) by world.std.com (8.12.8p1/8.12.8) id iBEJ4qV1016516; Tue, 14 Dec 2004 14:04:52 -0500 (EST) Date: Tue, 14 Dec 2004 14:04:52 -0500 (EST) Message-Id: <200412141904.iBEJ4qV1016516@world.std.com> From: Barry Shein <bzs@world.std.com> To: hannigan@theworld.com, brunner@nic-naa.net Subject: contact for the world etc (nanog) As far as I can tell I'm permanently blocked from nanog for no reason I understand or care much about. Oh well, if someone there wants info I have I guess they can pay my consulting rates. The text the guy cites isn't from our staff, we don't even have an auto-ack system. Maybe it's from some customer or maybe entirely forged, he doesn't include any headers and seems to just want to vent. Anyhow, that's all the time I plan to spend on this one, too bad nanog has become so useless. Feel free to forward. - -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo* ------- End of Forwarded Message
The text the guy cites isn't from our staff, we don't even have an auto-ack system. Maybe it's from some customer or maybe entirely forged, he doesn't include any headers and seems to just want to vent.
Barry, we can follow up offlist. Here's the full text of the email (one of a quite a few just yesterday). I'm unsure how abuse desks are supposed to even deal with things like this. We've plonked the user but we have no way to let you know. We also have no way of getting you to actually email abuse@everydns.net instead of my personal email address. -davidu ---EOF--- Received: (qmail 25489 invoked by uid 114); 14 Dec 2004 06:15:37 -0000 Received: from 192.74.137.144 by fiona (envelope-from <roky@TheWorld.com>, uid 106) with qmail-scanner-1.24 (clamdscan: 0.80/614. spamassassin: 3.0.1. Clear:RC:0(192.74.137.144):SA:0(4.4/5.0):. Processed in 3.873291 secs); 14 Dec 2004 06:15:37 -0000 X-Spam-Status: No, hits=4.4 required=5.0 X-Spam-Level: ++++ Received: from pcls4-e.std.com (HELO TheWorld.com) (192.74.137.144) by secure.perfectemail.net with SMTP; 14 Dec 2004 06:15:33 -0000 Received: (from roky@localhost) by TheWorld.com (8.12.8p1/8.12.8) id iBE6ACu2008864; Tue, 14 Dec 2004 01:10:12 -0500 Date: Tue, 14 Dec 2004 01:10:12 -0500 Message-Id: <200412140610.iBE6ACu2008864@TheWorld.com> To: lkioexiomixfu@beograd.every1.net References: <7972491103005094@CPE-65-27-11-91.kc.rr.com> In-Reply-To: <7972491103005094@CPE-65-27-11-91.kc.rr.com> From: MAILER-DAEMON@theworld.com (Mail Delivery Subsystem) Subject: EVERYDNS piracy spams not allowed X-Mailer: SpamStopper Cc: uce@ftc.gov, security@level3.net, davidu@everydns.net This is an automated mailing in response to your spamvertisement for pirated software - and porn websites purporting to depict images of rape. If you are receiving this message it is likely because you are a spammer. Perhaps you host the site of the spammer, last seen at 147.45.35.145 (APPZPLANET.COM; APPZPLA.NET). Then, you are a spammer. DNS for this netblock is owned by free.net/run.net, administered by hobot.ru, and zone-transferred by hobot.ru (possibly illegally) to EV1.NET's spammer- service subsidiary "EVERYDNS.NET" - also known as freelooklist.com, perfectemail.net, stayoff.org, etc. domain: HOBOT.RU type: CORPORATE nserver: ns1.everydns.net. nserver: ns2.everydns.net. nserver: ns3.everydns.net. nserver: ns4.everydns.net. state: REGISTERED, DELEGATED person: MAXIM N PONIZOVTSEV phone: +7 095 7967750 e-mail: ripn@hobot.ru registrar: RUCENTER-REG-RIPN created: 2000.04.03 paid-till: 2005.05.01 source: TC-RIPN ns1.everydns.net has address 64.158.219.3 ns2.everydns.net has address 216.218.240.206 ns3.everydns.net has address 80.84.249.169 ns4.everydns.net has address 63.219.183.200 EVERYDNS.NET however is currently aliased to fiona.everybox.com at 64.158.219.9. 64.158.219.0/24 is the responsible party for these and a huge number of other recent spams that tout illegal and fraudulent products, services and content. OrgName: Co-Location.com Inc. OrgID: COLOC-1 Address: 333 S. Beverly Drive Address: Suite 207 City: Beverly Hills StateProv: CA PostalCode: 90212 Country: US NetRange: 64.158.219.0 - 64.158.219.255 CIDR: 64.158.219.0/24 NetName: COLOC1-LVLT-64-158-219 NetHandle: NET-64-158-219-0-1 Parent: NET-64-152-0-0-1 NetType: Reassigned Comment: RegDate: 2004-05-24 Updated: 2004-05-24 OrgTechHandle: TECHN143-ARIN OrgTechName: Technical OrgTechPhone: +1-310-286-1107 OrgTechEmail: Support@co-location.com This spammer has been scanning networks worldwide in order to exploit any found "open SMTP proxies". He is also documented to have broken into zombied machines to use their DSL connections for spam transmission and, as previously stated, transferring DNS zones to mask the origins of both his spams and websites. Thus a spammer, a software pirate AND a burglar. A criminal, in any event. The unread message which you just sent to an unassigned address on our network, and which follows, has already been sent to law enforcement authorities. Hopefully you will be sent to them as well, shortly. [Administrators and legal/investigative officials reading this: We urge you to consider a course of action which will result in termination of all services to the above-referenced hosts and netblocks as soon as administratively possible - a more permanent solution pending completion of any additional investigation. Regarding those investigations we may be counted upon to furnish any additional documentation we can offer to assist in prosecution, and to ensure civil liability.] ----- Original message follows, unread ----- From lkioexiomixfu@beograd.every1.net Tue Dec 14 01:10:11 2004 Received: from CPE-65-27-11-91.kc.rr.com (CPE-65-27-11-91.kc.rr.com [65.27.11.91]) by TheWorld.com (8.12.8p1/8.12.8) with ESMTP id iBE69kja005923 for <roky@world.std.com>; Tue, 14 Dec 2004 01:09:47 -0500 Received: from unknown (HELO localhost) (127.0.0.1) by localhost.edit.com with SMTP; Tue, 14 Dec 2004 06:18:14 +0000 Received: from 149.55.161.220 (149.55.161.220[149.55.161.220]) by CPE-65-27-11-91.kc.rr.com (IMP) with HTTP for <roky@world.std.com>; Tue, 14 Dec 2004 06:18:14 +0000 Message-ID: <7972491103005094@CPE-65-27-11-91.kc.rr.com> From: "Mike" <lkioexiomixfu@beograd.every1.net> To: "Benny" <roky@world.std.com> Subject: Any software backups for lowest pricest. Date: Tue, 14 Dec 2004 06:18:14 +0000 MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.2.2 X-Originating-IP: 149.55.161.220 <HTML><html> <body> <P>2005 is just a few days away. Start the new year with a much needed software upgrade:</P> <P>Tired of your old Windows system? Get XP Professional here for only $33 ($170 cheaper than stores):<BR><A href="http://down.cd/">http://down.cd/</A></P> <P>Your old Office program no longer state of the art? Get the superb Office 2003 here for $38 less than retail:<BR><A href="http://down.cd/">http://down.cd/</A></P> <P>View our full software selection. Whether you need new virus software, art and graphical software or anything else,<BR>we have it - and so much cheaper than the stores. =)</P> <P><A href="http://down.cd/">http://down.cd/</A> or <A href="http://backups.cd/">http://backups.cd/</A></P> </body> </html> </HTML> !DSPAM:41be850e33244928411552!
participants (2)
-
David A.Ulevitch
-
Eric Brunner-Williams in Portland Maine