[Dshield] Help on Finding contacts at domains
haled at pionet.net
Thu Sep 4 21:40:22 GMT 2003
John,

According to the information from the dshield database and their
support page, their abuse email address is abuse at illinois.net. It appears
that Illinois Communication Network actually provides service for the school
districts as well as the government agencies in Illinois.

I know that a major school district in Illinois got hit with the Blaster.
They probably are still having fallout from that. They had to shut down all
of their computers and are gradually bringing them back on line.

http://www.illinois.net/contact/icnstaff.htm

I noticed that they do have their staff directory on line. You may try
sending an email to their IT people and see if you get any response that way.
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of John Dalton
Sent: Thursday, September 04, 2003 4:11 PM
To: General DShield Discussion List
Subject: [Dshield] Help on Finding contacts at domains
I need to draw on the excellent resources here on the dshield list :)
In the last week I have had a smattering of emails that were generated
elsewhere and I am the one contacted. I would not be even asking this if the
fact they all come from two ISPs, one who I contacted by phone the other
day, and after getting past the person's attitude while answering (so what is
our users email address, to which I answered his MACHINES IP was x.x.x.x,) I
now have a good slug of ones coming from 18.104.22.168, shown in headers
(where the victims show them) as:
Received: from VALUED-078DE3BD ([22.214.171.124]
I looked them up to find:
Illinois Century Network
120 west jefferson
Illinois Century Network
hostmaster at illinois.net
I have emailed to abuse.fraud and hostmaster at illinois.net, I have gone to
www.illinois.net, and tried to find contacts for an email contact. They seem
to be a Provider for Illinois school districts for Internet connectivity.
It is a nuisance for now, but all the emails I am getting about "sending"
infected emails to various companies, all indicate this IP as the origin.
Yes I have made sure I am all patched, and checked several ways to confirm I
am NOT infected.
Can anyone enlighten me to how to pursue this next, and how they came up
with this direction ...
Thanks in advance
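
Added example, not part of either message: one way to read a complaint's `Received:` chain the way the thread does, taking the connecting IP from the oldest hop stamped by a server the recipient controls and then pulling role mailboxes out of a whois result. The HELO name is the one quoted above; every hostname, address and whois line in the samples is a constructed placeholder, and the function names and the trusted-server set are assumptions of this sketch.

```python
import email
import ipaddress
import re

# Constructed complaint headers, newest hop first. The HELO name is the one
# quoted in the thread; hosts and IPs are placeholders (RFC 5737 / .example).
SAMPLE_HEADERS = """\
Received: from mx.victim.example (mx.victim.example [198.51.100.7])
\tby mail.victim.example with ESMTP; Thu, 4 Sep 2003 15:02:11 -0500
Received: from VALUED-078DE3BD ([203.0.113.45])
\tby mx.victim.example with SMTP; Thu, 4 Sep 2003 15:02:09 -0500
Received: from mail.innocent.example ([192.0.2.10])
\tby relay.innocent.example; Thu, 4 Sep 2003 14:59:00 -0500
From: john@innocent.example
Subject: Re: Details

"""

# Constructed whois-style output for the network that owns the handoff IP.
SAMPLE_WHOIS = """\
OrgName:       Example Network
OrgTechEmail:  hostmaster@provider.example
OrgAbuseEmail: abuse@provider.example
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]")
BY = re.compile(r"\bby\s+([^\s;]+)")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def handoff_hop(raw_headers, trusted_servers):
    """Return (helo_name, ip) of the oldest hop stamped by a trusted server."""
    msg = email.message_from_string(raw_headers)
    found = None
    for value in msg.get_all("Received", []):  # newest hop comes first
        hop, by = HOP.search(value), BY.search(value)
        if not hop or not by or by.group(1).lower() not in trusted_servers:
            break  # everything older was written by hosts we cannot vouch for
        # The HELO name is whatever the client claimed; the bracketed IP is
        # what the receiving server saw on the connection.
        found = (hop.group(1), str(ipaddress.ip_address(hop.group(2))))
    return found

def contacts(whois_text):
    """Email addresses in whois text, abuse-role mailboxes first."""
    found = sorted(set(EMAIL.findall(whois_text)))
    return sorted(found, key=lambda a: not a.lower().startswith("abuse"))

if __name__ == "__main__":
    print(handoff_hop(SAMPLE_HEADERS, {"mail.victim.example", "mx.victim.example"}))
    print(contacts(SAMPLE_WHOIS))
```

The third `Received:` line in the sample is ignored because no trusted server wrote it, which is why a sender address or an older hop naming someone else's machine is not evidence of where the mail came from.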