IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Networking Forum / Tracking IP
Post #114,552
by broomberg
8/20/03 11:04:29 AM
Reply
New Tracking IP
I've been getting a series of virus email that are annoying me. They can't hurt me (Linux), so it did not matter.

Until I also started getting bounced messages by the same source, saying that the virus I was sending someone could not be sent.

ARRG!

They are coming from:
Received: from 12-248-216-218.client.attbi.com (HELO YEMI) (12.248.216.218)

The return names it used so far are:

rodneyhampton1234@hotmail.com
ruehlmatthew@hotmail.com
paidopinions@aol.com
R13550@WACCVM.corp.mot.com
chicagorecruiting@scoreprep.com

Anybody recognize any of these names or the address?

Is it possible to track down the actual infected user?
Do I sent a nastygram to the netblock owner?
Post #114,559
by jake123
8/20/03 12:10:03 PM
Reply
New nastygram to the netblock owner
asking them to suspend service to the machine in question.

It's British Telecom, IIRC; they're not very good at dealing with that sort of thing IME.
--\n-------------------------------------------------------------------\n* Jack Troughton                            jake at consultron.ca *\n* [link|http://consultron.ca|http://consultron.ca]                   [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *\n* Kingston Ontario Canada               [link|news://news.consultron.ca|news://news.consultron.ca] *\n-------------------------------------------------------------------
Post #114,692
by pwhysall
Picture of pwhysall
8/21/03 4:15:47 AM
Reply
New attbi is Comcast.

Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
Post #114,577
by deSitter
Picture of deSitter
8/20/03 1:34:59 PM
Reply
New Re: Tracking IP
I've gotten lots of these as well, and I'm certain I've sent nothing and have no worms - this is some kind of bizarro side-effect of the shitty security measures implemented on mail servers.
-drl
Post #114,581
by jake123
8/20/03 1:56:13 PM
Reply
New Not so
Most if not all of the new worm/trojans have their own mini-smtp server built in. They don't need a mail server to send you mail.
--\n-------------------------------------------------------------------\n* Jack Troughton                            jake at consultron.ca *\n* [link|http://consultron.ca|http://consultron.ca]                   [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *\n* Kingston Ontario Canada               [link|news://news.consultron.ca|news://news.consultron.ca] *\n-------------------------------------------------------------------
Post #114,582
by deSitter
Picture of deSitter
8/20/03 1:57:36 PM
Reply
New Ah OK
That makes more sense actually.

My faith in the impenetrability of our digital defenses is hereby restored.
-drl
Post #114,585
by jake123
8/20/03 2:16:09 PM
Reply
New Heh
The thing is, how does one deal with the issue at hand?

When all is said and done, the entire problem would just go away if people stopped using Windows. I haven't used Windows for years, and have zero problems with this, except for 'net storms caused by stoopid amounts of traffic between windows boxen.
--\n-------------------------------------------------------------------\n* Jack Troughton                            jake at consultron.ca *\n* [link|http://consultron.ca|http://consultron.ca]                   [link|irc://irc.ecomstation.ca|irc://irc.ecomstation.ca] *\n* Kingston Ontario Canada               [link|news://news.consultron.ca|news://news.consultron.ca] *\n-------------------------------------------------------------------
Post #114,620
by kmself
Picture of kmself
8/20/03 5:42:38 PM
Reply
New My solution is...

...to bounce all virus alert messages to all virus vendor's published email addresses, until they fix the fucking problem caused by auto-notification to spoofed addresses.

\r\n\r\n

I figure if a small number of folks on the Net do this, they'll start seeing the light right quick, and deactivate the notification "feature" entirely. Someone's got a virus? Fuck 'em. Unfortunately, you've got to be an adult (at least in behavior and responsibility) to drive on the Infobahn today.

--\r\n
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]\r\n
[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]\r\n
What part of "gestalt" don't you understand?\r\n
[link|http://twiki.iwethey.org/twiki/bin/view/Main/|TWikIWETHEY] -- an experiment in collective intelligence. Stupidity. Whatever.\r\n
\r\n
   Keep software free.     Oppose the CBDTPA.     Kill S.2048 dead.\r\n[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html]\r\n
     Tracking IP - (broomberg) - (7) - Aug. 20, 2003, 11:04:29 AM EDT
         nastygram to the netblock owner - (jake123) - (1) - Aug. 20, 2003, 12:10:03 PM EDT
             attbi is Comcast. -NT - (pwhysall) - Aug. 21, 2003, 04:15:47 AM EDT
         Re: Tracking IP - (deSitter) - (3) - Aug. 20, 2003, 01:34:59 PM EDT
             Not so - (jake123) - (2) - Aug. 20, 2003, 01:56:13 PM EDT
                 Ah OK - (deSitter) - (1) - Aug. 20, 2003, 01:57:36 PM EDT
                     Heh - (jake123) - Aug. 20, 2003, 02:16:09 PM EDT
         My solution is... - (kmself) - Aug. 20, 2003, 05:42:38 PM EDT

Did you recently read an article?
192 ms