[Dshield] Klez any one

Bruce Lilly blilly at erols.com
Fri Aug 23 16:15:16 GMT 2002

> From: John Hardin <johnh at aproposretail.com>
> Date: Thu, 22 Aug 2002 17:30:15 -0700 (PDT)

> The last Received: header is chronologically the first. The infected
> machine was at IP address at Sun, 18 Aug 2002 20:35:44
> -0500
> You'd do a NIC query (starting at http://www.arin.net/) to see who owned
> that netblock, then send your complaint (with full headers) to the abuse
> address at that ISP.

The ISP is Bell South, abuse contact is <abuse at bellsouth.net>:

# whois
Bellsouth.net, Inc. (NETBLK-BELLSNET-BLK)
    301 Perimeter Center North,  Suite 400
    Atlanta, GA 30346

    Netname: BELLSNET-BLK1
    Netblock: -
    Maintainer: BELL

       Geurin, Joe  (JG726-ARIN)  ipadmin at bellsouth.net
       678-441-7800 (FAX) 678-441-6968

    Domain System inverse mapping provided by:



    NOTE: For abuse issues, please email abuse at bellsouth.net.


    Record last updated on 26-Sep-2001.
    Database last updated on  22-Aug-2002 22:40:20 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

More information about the list mailing list