[Dshield] Klez any one

Bruce Lilly blilly at erols.com
Fri Aug 23 16:15:16 GMT 2002


> From: John Hardin <johnh at aproposretail.com>
> Date: Thu, 22 Aug 2002 17:30:15 -0700 (PDT)

> The last Received: header is chronologically the first. The infected
> machine was at IP address 205.152.62.117 at Sun, 18 Aug 2002 20:35:44
> -0500
> 
> You'd do a NIC query (starting at http://www.arin.net/) to see who owned
> that netblock, then send your complaint (with full headers) to the abuse
> address at that ISP.

The ISP is Bell South, abuse contact is <abuse at bellsouth.net>:

# whois 205.152.62.117
Bellsouth.net, Inc. (NETBLK-BELLSNET-BLK)
    301 Perimeter Center North,  Suite 400
    Atlanta, GA 30346
    US

    Netname: BELLSNET-BLK1
    Netblock: 205.152.0.0 - 205.152.255.255
    Maintainer: BELL

    Coordinator:
       Geurin, Joe  (JG726-ARIN)  ipadmin at bellsouth.net
       678-441-7800 (FAX) 678-441-6968

    Domain System inverse mapping provided by:

    NS.BELLSOUTH.NET             205.152.0.5
    NS.ATL.BELLSOUTH.NET         205.152.0.20
    NS.MIA.BELLSOUTH.NET         205.152.16.20
    NS.RDU.BELLSOUTH.NET         205.152.32.20

    =====

    NOTE: For abuse issues, please email abuse at bellsouth.net.

    =====

    Record last updated on 26-Sep-2001.
    Database last updated on  22-Aug-2002 22:40:20 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.









More information about the list mailing list