This spam report is at Porno Spam Page 1
I like this new format I am using. You get to see the headers here so you can
figure out what I'm doing. Also, this helps me as I don't have to switch
between applications quite as much.
Return-Path: <MailChat@live.net>
Delivered-To: cpickett@mediacity.com
Received: (qmail 618 invoked from network); 15 Sep 1997 16:08:42 -0000
Received: from db1.paclink.net (206.170.104.30) by mail001.mediacity.com with SMTP;
15 Sep 1997 16:08:42 -0000
Received: from live.net ([206.175.230.135]) by db1.paclink.net
(Netscape Mail Server v2.02) with SMTP id AAA393; Mon, 15 Sep 1997 08:36:23 -0700
To: HardMen@Male.Box
From: MailChat@live.net
Subject: Great new GAY Party Line...absolutely FREE
Reply-to: MailChat@live.net
Comments: Authenticated sender is <MailChat@live.net>
Received: from live.net (live.net [000.000.000.000]) by live.net (0.0.0./0.0.0.)
with SMTP id AAA000000 for <MailChat@live.net>; Mon, 15 Sep 1997 8:41:48 -0500 (EST)
Message-Id: 0000000000.AAA000@live.net
X-UIDL: 57557989777497764227452821219618
Starting at the top, we have "live.net":
>whois live.net
Multi Channel Video Programming (LIVE3-DOM)
21312 Muholland Drive
Woodland Hills, CA 92103
Domain Name: LIVE.NET
Administrative Contact, Technical Contact, Zone Contact:
Tara, Jon (JT392) jtara@CONNECTNET.COM
(619) 260-1704
Record last updated on 05-Jan-97.
Record created on 17-Jul-95.
Database last updated on 15-Sep-97 04:41:03 EDT.
Domain servers in listed order:
NS.CONNECTNET.COM 207.110.0.60
NS2.CONNECTNET.COM 207.110.0.128
>whois CONNECTNET.COM
CONNECTNet Internet Network Services (CONNECTNET-DOM)
6370 Lusk Blvd, Suite F208
San Diego, CA 92121
USA
Domain Name: CONNECTNET.COM
Administrative Contact:
Sears, Timothy K. (TKS) tim@CONNECTNET.COM
619.450.0254
Technical Contact, Zone Contact:
Knox, Kit (KK1140) kit@CONNECTNET.COM
619-450-0254 (FAX) 619-450-3216
Record last updated on 16-Oct-96.
Record created on 26-Feb-95.
Database last updated on 15-Sep-97 04:41:03 EDT.
Domain servers in listed order:
NS.CONNECTNET.COM 207.110.0.60
NS2.CONNECTNET.COM 207.110.0.128
AUTH00.NS.UU.NET 198.6.1.65
AUTH01.NS.UU.NET 198.6.1.81
NS2.MCI.NET 204.70.57.242
Ah. UU.Net, but for DNS only. Since Cerfnet is their upstream provider, it would
make more sense to use those DNS servers. A traceroute (not shown here) listed
Cerfnet as their upstream provider.
This DNS entry resolved, but the IP address did not. The important thing is that
it resolved.
db1.paclink.net (206.170.104.30)
Let's look up that domain:
>whois paclink.net
PacLink Communications LLC (PACLINK-DOM)
260 S. Los Robles Ave., Ste 200
Pasadena, CA 91101
US
Domain Name: PACLINK.NET
Administrative Contact, Technical Contact, Zone Contact:
Lai, Robert Sr. Systems Consultant [Systems Consultant] (RL63) rlai@PACLINK.NET
626.397.4688 (FAX) 626.397.4689
Billing Contact:
Chu, Paul (PC1065) pchu@PACLINK.NET
818-397-4683
Record last updated on 08-Mar-97.
Record created on 16-Aug-95.
Database last updated on 15-Sep-97 04:41:03 EDT.
Domain servers in listed order:
NS1.PACLINK.NET 206.170.104.38
NS2.PACLINK.NET 206.170.104.146
NS1.PBI.NET 206.13.28.11
Let's look up the other domain listed.
>whois pbi.net
[No name] (PBI2-HST) PBI.NET 206.13.12.28
Pacific Bell Internet Services (PBI3-DOM) PBI.NET
Ah, Pacific Bell. They are taking far too much abuse.
>whois pbi3-dom
Pacific Bell Internet Services (PBI3-DOM)
303 Second Street Suite 830
San Francisco, CA 94107
Domain Name: PBI.NET
Administrative Contact:
postmaster (POS34-ORG) postmaster@PBI.NET
tel.: 800-708-INET fax.: 415-442-4999 http://www.pbi.net
Technical Contact, Zone Contact:
PBI DNS Administration (PDA-ORG) dnsadmin@PBI.NET
tel.: 800-463-8724 fax.: 415-442-4999 http://www.pbi.net
Billing Contact:
PBI DNS Administration (PDA-ORG) dnsadmin@PBI.NET
tel.: 800-463-8724 fax.: 415-442-4999 http://www.pbi.net
Record last updated on 30-Jul-97.
Record created on 25-May-95.
Database last updated on 15-Sep-97 04:41:03 EDT.
Domain servers in listed order:
NS1.PBI.NET 206.13.28.11
NS2.PBI.NET 206.13.29.11
OK, let's see what that IP address I resolved actually is. It may be a mail server.
>telnet
telnet> open 206.170.104.30 25
Trying 206.170.104.30...
Connected to 206.170.104.30.
Escape character is '^]'.
220 db1.paclink.net ESMTP server (Netscape Mail Server v2.02) ready Mon, 15 Sep
1997 12:47:46 -0700
quit
221 db1.paclink.net ESMTP server closing connection
Connection closed by foreign host.
Why yes, yes it is a mail server.
I think I see it now. Some spam-blasting package forges IP addresses, sends an
SMTP stream to Pacific Bell, who then sends the spam out to the world. The thing is
that I cannot identify where the spam truly originated from, but I strongly suspect
it is a user connecting directly to something within the "connectnet.com" network.
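The header reading above as code, added here as an example and not part of the original report: it walks the Received lines of this message from the top, flags the line that sits below To/From and carries an all-zero address, and returns the client address recorded by the last relay above it. The function names are this example's own, and the header block is trimmed from the message above with the folding whitespace restored as an assumption.

```python
import re
from email import message_from_string

# Headers trimmed from the message above. Assumption: continuation lines are
# re-indented here, since the page shows them without folding whitespace.
RAW = """\
Received: (qmail 618 invoked from network); 15 Sep 1997 16:08:42 -0000
Received: from db1.paclink.net (206.170.104.30) by mail001.mediacity.com with SMTP;
 15 Sep 1997 16:08:42 -0000
Received: from live.net ([206.175.230.135]) by db1.paclink.net
 (Netscape Mail Server v2.02) with SMTP id AAA393; Mon, 15 Sep 1997 08:36:23 -0700
To: HardMen@Male.Box
From: MailChat@live.net
Received: from live.net (live.net [000.000.000.000]) by live.net (0.0.0./0.0.0.)
 with SMTP id AAA000000 for <MailChat@live.net>; Mon, 15 Sep 1997 8:41:48 -0500 (EST)
"""

FROM_RE = re.compile(r"\bfrom\s+(\S+)\s+\((?:\S+\s+)?\[?([\d.]+)\]?\)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def trace_hops(raw):
    """Received hops, newest first, each with reasons to distrust it."""
    hops, seen_body_header = [], False
    for name, value in message_from_string(raw).items():
        if name.lower() != "received":
            # Relays prepend trace lines; one below To/From came from the sender.
            seen_body_header |= name.lower() in ("to", "from", "subject")
            continue
        f, b = FROM_RE.search(value), BY_RE.search(value)
        hop = {"from": f and f.group(1), "ip": f and f.group(2),
               "by": b and b.group(1), "why": []}
        if seen_body_header:
            hop["why"].append("below To/From, so written by the sender")
        if hop["ip"] and set(hop["ip"]) <= set("0."):
            hop["why"].append("all-zero client address")
        hops.append(hop)
    return hops

def last_recorded_client(hops):
    """Client IP logged by the deepest relay above the first flagged hop."""
    ip = None
    for hop in hops:
        if hop["why"]:
            break  # nothing at or below a forged line can be trusted
        ip = hop["ip"] or ip
    return ip

if __name__ == "__main__":
    print(last_recorded_client(trace_hops(RAW)))
```

On this message the result is 206.175.230.135, the address db1.paclink.net logged for the connecting client; the live.net line beneath To/From is flagged on both counts and contributes nothing.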
Purely out of curiosity:
>whois cerfnet.net
CERFnet (CERFNET-DOM)
P.O. Box 919014
San Diego, CA 92191
US
Domain Name: CERFNET.NET
Administrative Contact:
Mohta, Pushpendra (PM200) pushp@CERF.NET
619-455-3900 FAX (619) 455-3990 FAX (619) 455-3990
Technical Contact, Zone Contact:
CERFnet Hostmaster (CERF-HM) dns@CERF.NET
(619) 455-3900
Billing Contact:
CERFnet Hostmaster (CERF-HM) dns@CERF.NET
(619) 455-3900
Record last updated on 15-Jan-97.
Record created on 13-Dec-94.
Database last updated on 15-Sep-97 04:41:03 EDT.
Domain servers in listed order:
NOC.CERF.NET 192.153.156.22
NOC.NEAR.NET 192.52.71.21