[Dshield] Novice regarding reporting spam, would like to learn how to.
j.riden at massey.ac.nz
Wed Apr 28 20:36:21 GMT 2004
"Peter Stendahl-Juvonen" <peter.stendahl-juvonen at welho.com> writes:

> At least a part of spam involves possible security issues.
> Would fellow DShielders with insights kindly assist in the first attempt
> to report spam?

Start at the top and work back through your trusted hosts. First
untrusted IP that appears is 18.104.22.168

A lot of spam is relayed via trojaned dialup/DSL machines these days,
so let's do a quick lookup in XBL (xbl.spamhaus.org) which lists these
kinds of relays:

Sure enough, it's there. You can also do lookups at openrbl.org if you
want to check a wider variety of lists.

> 1) To whom would you report this example of spam?

% whois -h whois.apnic.net 22.214.171.124

211/8 seems APNIC-ish from memory - otherwise ARIN or RIPE will
redirect you. Yep, it's KRNET.

% whois -h whois.krnic.net 126.96.36.199

gives abuse at thrunet.com.

If your mail admin can start rejecting mail based on the XBL, you
wouldn't have had to see this in the first place - but that's a
decision for each site to make and I can't say whether it's
appropriate for yours.

hope that helps,

James Riden / j.riden at massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
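
The header walk and XBL lookup described in the message above, as an added example that is not part of the original post. The sample headers, the trusted range, and the function names are constructed for illustration. Relay addresses use documentation ranges.

```python
import email
import ipaddress
import re
import socket

# Constructed sample headers; all addresses are RFC 5737 documentation ranges.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.example.org with ESMTP; Wed, 28 Apr 2004 10:00:02 +0000
Received: from unknown (HELO friendly.example.net) (203.0.113.77)
\tby mx.example.org with SMTP; Wed, 28 Apr 2004 10:00:01 +0000
Received: from localhost (198.51.100.5) by forged.example.com; Wed, 28 Apr 2004 09:00:00 +0000
Subject: constructed sample

body
"""

TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: your own relays
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def first_untrusted_ip(raw, trusted=TRUSTED):
    """Walk Received headers top-down; return the first IP outside trusted nets."""
    for hdr in email.message_from_string(raw).get_all("Received", []):
        # Only the text before " by " describes the host that connected.
        from_part = re.split(r"\sby\s", hdr, maxsplit=1)[0]
        for m in IP_RE.finditer(from_part):
            try:
                ip = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # e.g. 999.1.1.1 in a forged header
            if not any(ip in net for net in trusted):
                return str(ip)  # headers below this one can be forged
    return None

def dnsbl_name(ip, zone="xbl.spamhaus.org"):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone="xbl.spamhaus.org"):
    """True if the zone answers for this IP. Needs network and your own resolver."""
    try:
        answer = socket.gethostbyname(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False  # NXDOMAIN: not listed
    # Spamhaus uses 127.255.255.x for query errors, not listings.
    return not answer.startswith("127.255.255.")
```
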