[Dshield] Re: ARIN errors?
superc at visuallink.com
Fri Jun 25 08:52:04 GMT 2004
Had something new today with some troubling implications for tracking
spammers. Got a spam which when I checked the originating IP on ARIN
resolved to (never mind who, call them "Toys for grown ups.com") under
the IP blocks controlled by (call them Witheld2). I sent a copy to the
supposed abuse dept. there that bounced back with no such addressee
found. Much more detective work and I located the "Toys for grownups"
company actual owner and sent the spam to him personally to fix. I got
back an email saying why are you telling me, I am not xyz . com (the
plain text From)? I sent him a little blurb explaining IP #s and
tracing and all that, suggested he ask his tech people to explain the
finer points and meanwhile out of boredom I had examined the Received
from IPs on his "I am innocent" email and noticed they were from a
totally different range which resolved on ARIN to a second company
(never mind who, call them "A famous phone co.com") supposedly under the
control of (also Witheld). A few friendly back and forth emails then
ensued. The long and short of it is, ARIN is wrong, Toys for grown
ups.com has never had the IP numbers in the Spam mail. About his
letters to me with received from IPs that resolved to "A famous phone
co.com" under the control of Witheld, ARIN was wrong again. The IP
numbers ARIN says belong to A famous phone co.com actually belong to
Toys for grown ups.com. The numbers allegedly belonging to Toys for
grown ups.com aren't theirs and ARIN apparently has no idea who they
belong to. A check confirmed my ARIN info is up to date. Here is what
the owner of Toys for grown ups.com says about it all.
"I can shed a little light on this. Our current ISP is indeed,
(Witheld), which merely leases us our block of 32 IPs. Nearly a decade
ago we used (Witheld 2) as our ISP. At the time we left (Witheld2) we
were told that we did not own our IP block, and that we couldn't take
these IPs with us to our next service provider. After all this time I am
astounded that "Toys for grown ups.com's" name is still attached to
them. I don't even believe that (Witheld2) is still in business. If our
company does actually OWN these IPs, I'd be interested in learning how
we can regain control of them."
Now where am I/we? I have no idea who owns the IP numbers found in the
Spam email. The ARIN database contains errors to include no longer
existent companies and mismatched companies and number combinations.
This kind of thing makes it really, really, hard to track down
spammers. If we can't use ARIN, who can we use?