[Dshield] Domain Name Front Running

John Draper lists at webcrunchers.com
Wed Jan 2 07:40:57 GMT 2008


Paul Ferguson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -- Tom <dshield at oitc.com> wrote:
>
>   
>> At 6:36 PM +0000 12/29/07, Paul Ferguson wrote:
>>     
>>> YMMV: My experience has been pretty positive with the RIR WHOIS
>>> data. :-)
>>>       
>
>   
>> In that case can you sprinkle your pixie dust and locate a valid
>> contact that will do something about 216.244.139.206?  This is a
>> REALLY infected IP that has been infected by various trojans (I
>> actually think the various gangs are warring over who 0n3s it) for
>> over a year.
>
> Well, identifying who has been allocated the prefix, and getting
> someone to respond are obviously two different things. :-)
>   
A tip - when sending reports, do it in Spanish or in whatever
language is spoken by whoever administers that IP or upstream reporter.

That's always the problem, because Chinese ISPs will usually
take spam reports in English and pipe them to /dev/null.

I've gotten really good results when I send my reports in the native
language spoken by whoever administers the IP block.

Translators are OK, but get a native speaker (or writer) to compose the
report for you.

John

