[Dshield] Klez any one

John Hardin johnh at aproposretail.com
Fri Aug 23 00:30:15 GMT 2002


On Thu, 22 Aug 2002 Daniels566 at cs.com wrote:

> Received: from Pgcdjo ([205.152.62.117]) by out003.verizon.net
>           (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with SMTP
>           id <20020819013544.XWIF13272.out003.verizon.net at Pgcdjo>
>           for <Wolves5149 at aol.com>; Sun, 18 Aug 2002 20:35:44 -0500

The last Received: header is chronologically the first. The infected
machine was at IP address 205.152.62.117 at Sun, 18 Aug 2002 20:35:44
-0500

You'd do a NIC query (starting at http://www.arin.net/) to see who owned
that netblock, then send your complaint (with full headers) to the abuse
address at that ISP.

-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
-----------------------------------------------------------------------
 118 days until The Two Towers




More information about the list mailing list