RE: XSServer / Taking down a spam friendly provider
On Wed, Oct 26, 2011 at 10:12:33AM -0400, Chris wrote:
> Does anyone have any recommendations of where to go next because I'm just limited to doing a whois on the IP address, emailing the abuse contact and tracerouting.

Chris,

Can't help much - but can say we find ourselves in a similar boat.

As a rule of thumb, we systematically block, log, and report *every* spam, virus, brute force etc. attempt we receive against any of our devices. In the past three years, only one company has ever responded to an abuse request (CampaignMonitor, to name and honour them), though there are definitely some other good guys out there (a large number of them on this list)!

[We don't apply the above logic for spam sent to email destinations, for obvious reasons]

G
Limestone Networks / AS 46475 / 64.31.32.1/24
Anyone from Limestone Networks / AS 46475 on board?

Got a repeating problem from a specific IP in your care. In the range: 64.31.32.1/24

Gav
RE: New tsunami advisory warning - Japan
> *yawn*. A foot and a half isn't going to be all *that* bad

Sorry to continue off topic:

Try to imagine ... a temporary very high tide, rather than a cresting wave. In addition to the height, it's the wave-length you have to take into account. Tsunamis rarely become towering breaking waves.

[That said, tsunamis can form into a bore - a step-like wave with a steep breaking front. Likely if the tsunami moves from deep water into a shallow river / bay]

1 1/2 foot on top of an existing high tide, could easily cause further flooding in the wrong locations (although as mentioned, not to the levels already experienced).

> travels in general at approx 970 kph (600 mph)

True in the deepest parts of open ocean - upon reaching the shore-line it'll be travelling a lot slower.

/off-topic // Gav
RE: New tsunami advisory warning - Japan
> You guys forget a lot of folks on the list are working on cabling ships and off shore platforms, it's not all about what happens on shore in this industry.

Valid point ... however in deep ocean, these things are pretty imperceptible. The effects on ships on the surface are nominal, and off shore platforms are (generally) built with these things in mind:

http://www.msnbc.msn.com/id/27324535/ns/technology_and_science-innovation/

At the other extreme, Lituya Bay is a good example of a Mega Tsunami (1,720 feet):

http://en.wikipedia.org/wiki/1958_Lituya_Bay_megatsunami
RE: New tsunami advisory warning - Japan
> JCG ship in the open ocean.

Impressive video. The wave height and speed would suggest shallower waters, and that likely the ship was close to land mass when the video was filmed rather than open ocean (in the sense of being far out to sea). Not being there of course I could easily be incorrect.

Anyway we digress :)

Gav

On Mar 28, 2011, at 11:28 AM, Marshall Eubanks wrote:
> On Mar 28, 2011, at 10:57 AM, Gavin Pearce wrote:
> You guys forget a lot of folks on the list are working on cabling ships and off shore platforms, it's not all about what happens on shore in this industry.
> Valid point ... however in deep ocean, these things are pretty imperceptible. The effects on ships on the surface are nominal, and off shore platforms are (generally) built with these things in mind:
> http://www.msnbc.msn.com/id/27324535/ns/technology_and_science-innovation/
> Here is a video of the recent Japanese tsunami from a JCG ship in the open ocean. The waves (@ ~4:20 and 6:40 into the video) caused them no trouble, but they were certainly not imperceptible.
> With the video :
> http://www.youtube.com/watch?v=4XSBrrueVoQ&feature=player_embedded#at=19
> Marshall
> Regards
> Marshall
> At the other extreme, Lituya Bay is a good example of a Mega Tsunami (1,720 feet):
> http://en.wikipedia.org/wiki/1958_Lituya_Bay_megatsunami
RE: 213.123.192.0/20 | 193.179.160.0/22 | 174.132.0.0/15 | 65.75.128.0/18
Just a quick update to the below message, I have a contact for The Planet, if anyone has a contact for any of the following, would be much appreciated:

64.167.200.160/29 (SBCIS-1001120-113647) [new]
213.123.192.0/20 (BT-ADSL)
193.179.160.0/22 (KULAJ-NET)
65.75.128.0/18 (MSG-65-75-128-0)

Many thanks,

Gavin

-----Original Message-----
From: Gavin Pearce [mailto:gavin.pea...@3seven9.com]
Sent: 15 March 2011 11:48
To: NANOG list
Subject: 213.123.192.0/20 | 193.179.160.0/22 | 174.132.0.0/15 | 65.75.128.0/18

Morning all - anyone here responsible for any of the following:

Abuse/Technical contacts gone unanswered for each (mailed 1 - 2 months ago). *sigh*

Getting multiple brute force and/or spam from single IPs within those ranges against different devices on different dates.

Gav

-----Original Message-----
From: Masato YAMANISHI [mailto:myama...@japan-telecom.com]
Sent: 14 March 2011 16:16
To: 'Marshall Eubanks'; 'NANOG list'
Subject: RE: Rush to Fix Quake-Damaged Undersea Cables

Hi Marshall and all,

> About half of the existing cables running across the Pacific are damaged ...
> Is that realistic? That seems like much more damage than anything I have heard or seen.

Yes, it's definitely true.

Rgs,
Masato

-----Original Message-----
From: Marshall Eubanks [mailto:t...@americafree.tv]
Sent: Monday, March 14, 2011 8:54 AM
To: NANOG list
Subject: Rush to Fix Quake-Damaged Undersea Cables

In this WSJ article

http://online.wsj.com/article/SB10001424052748704893604576199952421569210.html

or http://on.wsj.com/gaPk8V

This caught my eye :

About half of the existing cables running across the Pacific are damaged ...

Is that realistic? That seems like much more damage than anything I have heard or seen.

Regards
Marshall
213.123.192.0/20 | 193.179.160.0/22 | 174.132.0.0/15 | 65.75.128.0/18
Morning all - anyone here responsible for any of the following:

213.123.192.0/20 (BT-ADSL)
193.179.160.0/22 (KULAJ-NET)
174.132.0.0/15 (NETBLK-THEPLANET-BLK-15)
65.75.128.0/18 (MSG-65-75-128-0)

Abuse/Technical contacts gone unanswered for each (mailed 1 - 2 months ago). *sigh*

Getting multiple brute force and/or spam from single IPs within those ranges against different devices on different dates.

Gav

-----Original Message-----
From: Masato YAMANISHI [mailto:myama...@japan-telecom.com]
Sent: 14 March 2011 16:16
To: 'Marshall Eubanks'; 'NANOG list'
Subject: RE: Rush to Fix Quake-Damaged Undersea Cables

Hi Marshall and all,

> About half of the existing cables running across the Pacific are damaged ...
> Is that realistic? That seems like much more damage than anything I have heard or seen.

Yes, it's definitely true.

Rgs,
Masato

-----Original Message-----
From: Marshall Eubanks [mailto:t...@americafree.tv]
Sent: Monday, March 14, 2011 8:54 AM
To: NANOG list
Subject: Rush to Fix Quake-Damaged Undersea Cables

In this WSJ article

http://online.wsj.com/article/SB10001424052748704893604576199952421569210.html

or http://on.wsj.com/gaPk8V

This caught my eye :

About half of the existing cables running across the Pacific are damaged ...

Is that realistic? That seems like much more damage than anything I have heard or seen.

Regards
Marshall
RE: Interesting google redirects.
Sure you all know this already:

http://google.com/ncr

Temp fix for getting the .com version.

G

-----Original Message-----
From: Mark Keymer [mailto:m...@viviotech.net]
Sent: 04 March 2011 06:14
To: Raymond Macharia
Cc: nanog@nanog.org
Subject: Re: Interesting google redirects.

On this same subject. My techs have been complaining lately about our new VPS's we are making going to google.vm. Is there anything I can do on my end to get this corrected?

Sincerely,

Mark Keymer

Raymond Macharia wrote:
> Noticed the same thing to the .com.hk
> Raymond Macharia
> On Thu, Mar 3, 2011 at 8:04 PM, Wayne Lee linkconn...@googlemail.com wrote:
> also some EU customers are getting redirected to .au domain
> Mine got redirected to google.be for a while.
RE: Contact for APEWS.org?
> APEWS is braindead in execution, if not in fact. They list about half of all IPv4 space, and one might reasonably state that anyone using them deserves their own self-inflicted SMTP intranet.
> http://www.dnsbl.com/2007/08/apews-news-and-commentary-roundup.html
> Andrew

The link Andrew sent over contains some great advice - make sure to read through to:

http://www.dnsbl.com/2007/08/what-to-do-if-you-are-listed-on-apews.html
RE:
-----Original Message-----
From: Atticus [mailto:grobe...@gmail.com]
Sent: 13 December 2010 17:24
To: nanog@nanog.org
Subject: Re: Wake on LAN in the enterprise

Apologies to all that got a quote email from me. My phone decided to pocket-reply to you.

-----Original Message-----
From: Brielle Bruns [mailto:br...@2mbit.com]
Sent: 13 December 2010 17:18
To: nanog@nanog.org
Subject: Re:

On 12/13/10 10:12 AM, Jack Bates wrote:
> On 12/13/2010 11:07 AM, Alexander Harrowell wrote:
> On Monday 13 December 2010 17:02:59 Atticus wrote:
> Cc
> I presume this is some sort of spam-test?
> I got 3 emails from Atticus. one quoting data only, one saying just Z, and another carboned to x...@gamil.com with just zzsxexz On Dec 13, 2010 11:34 AM, Jack Bates jba...@brightok.net wrote: In the body and none of the other quotes. So I'm thinking the same thing.

I can has training wheels?

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
Abuse@ contacts
Hello,

After a weekend of heavy spam last month, we decided to fire some reports over to the abuse contacts for each relevant IP or domain - some US/Europe based, others from more obscure locations.

We've not had a reply from any of the reports sent over, other than some automated bounces. Each report from us contained detailed information about IP, date, headers, spam content, relevant ranges etc ...

How many of you (honestly) actively manage and respond to abuse@ contact details listed in WHOIS? Or have had any luck with abuse@ contacts in the past? Who's good and who isn't?

Apologies in advance if this has been around before - I'm new here. (:

Gav
RE: starwars.com subdomain hijacked?
> It seems the subdomain shop.starwars.com is being redirected. Anybody else seeing this?

HTML served up looks official, albeit different NS servers and IP Range from main site.

Resolves to 209.20.19.60 (shop.starwars.novator2.com.). Couldn't tell you if that's where it's meant to go mind...

[r...@...]# dig shop.starwars.com

; DiG shop.starwars.com
;; Got answer:

;; QUESTION SECTION:
;shop.starwars.com. IN A

;; ANSWER SECTION:
shop.starwars.com. 3600 IN CNAME shop.starwars.novator2.com.
shop.starwars.novator2.com. 600 IN A 209.20.19.60

;; AUTHORITY SECTION:
novator2.com. 600 IN NS ns2.novator.com.
novator2.com. 600 IN NS ns3.novator.com.
novator2.com. 600 IN NS ns1.novator.com.

;; Query time: 406 msec
;; WHEN: Mon Nov 22 16:33:40 2010
;; MSG SIZE rcvd: 150

[r...@...]# dig starwars.com

; DiG starwars.com
;; Got answer:

;; QUESTION SECTION:
;starwars.com. IN A

;; ANSWER SECTION:
starwars.com. 3600 IN A 208.72.12.228

;; AUTHORITY SECTION:
starwars.com. 3600 IN NS dns.lucasfilm.com.
starwars.com. 3600 IN NS sbdns3.cscdns.net.

;; ADDITIONAL SECTION:
sbdns3.cscdns.net. 9515 IN A 165.160.12.22

;; Query time: 249 msec
;; WHEN: Mon Nov 22 16:34:39 2010
;; MSG SIZE rcvd: 121

-----Original Message-----
From: Matt Disuko [mailto:gourmetci...@hotmail.com]
Sent: 22 November 2010 15:47
To: nanog@nanog.org
Subject: starwars.com subdomain hijacked?

It seems the subdomain shop.starwars.com is being redirected. Anybody else seeing this?
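
An added example, not part of the original thread: a Python check that parses the two dig answers quoted above and reports the two things the reply compares by eye, whether the subdomain's CNAME chain leaves the parent zone and whether the two zones share any nameserver. The function names are illustrative; a CNAME into a third-party zone is also what an outsourced storefront looks like, so the result says what to confirm with the domain owner, not that a hijack occurred.

```python
import re

# ANSWER and AUTHORITY sections of the two dig outputs quoted above (spacing normalised).
SHOP = """\
;; ANSWER SECTION:
shop.starwars.com. 3600 IN CNAME shop.starwars.novator2.com.
shop.starwars.novator2.com. 600 IN A 209.20.19.60
;; AUTHORITY SECTION:
novator2.com. 600 IN NS ns2.novator.com.
novator2.com. 600 IN NS ns3.novator.com.
novator2.com. 600 IN NS ns1.novator.com.
"""
APEX = """\
;; ANSWER SECTION:
starwars.com. 3600 IN A 208.72.12.228
;; AUTHORITY SECTION:
starwars.com. 3600 IN NS dns.lucasfilm.com.
starwars.com. 3600 IN NS sbdns3.cscdns.net.
"""
RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_dig(text):
    """Return {section: [(owner, rtype, rdata), ...]} from dig's text output."""
    sections, current = {}, None
    for line in text.splitlines():
        if (h := re.match(r"^;; (\w+) SECTION:", line)):
            current = sections.setdefault(h.group(1), [])
        elif current is not None and (m := RECORD.match(line.strip())):
            current.append((m.group(1).lower(), m.group(3), m.group(4).lower()))
    return sections

def follow_cnames(answer, qname):
    """Walk the CNAME chain from qname; return (chain, A records of the last name)."""
    cnames = {owner: rdata for owner, rtype, rdata in answer if rtype == "CNAME"}
    chain = [qname]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:  # stop on loops
        chain.append(cnames[chain[-1]])
    return chain, [r for o, t, r in answer if t == "A" and o == chain[-1]]

def compare(sub_text, apex_text, qname, zone):
    sub, apex = parse_dig(sub_text), parse_dig(apex_text)
    chain, addrs = follow_cnames(sub.get("ANSWER", []), qname)
    ns = lambda s: {r for _, t, r in s.get("AUTHORITY", []) if t == "NS"}
    # leaves_zone: the final name is neither the zone apex nor a name under it
    return {"chain": chain, "addresses": addrs,
            "leaves_zone": chain[-1] != zone and not chain[-1].endswith("." + zone),
            "shared_ns": sorted(ns(sub) & ns(apex))}

if __name__ == "__main__":
    print(compare(SHOP, APEX, "shop.starwars.com.", "starwars.com."))
```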