[Dshield] Re: ARIN errors?

Johannes B. Ullrich jullrich at euclidian.com
Fri Jun 25 12:15:18 GMT 2004


> Now where am I/we?  I have no idea who owns the IP numbers found in the 
> Spam email.  The ARIN database contains errors to include no longer 
> existent companies and mismatched companies and number combinations.  
> This kind of thing makes it really, really, hard to track down 
> spammers.  If we can't use ARIN, who can we use?

This is a very typical scenario. Whois information is frequently
outdated, in particular for smaller netblocks. Did you do a
quick traceroute to the IP to find out who is the upstream
contact?



-- 
----------------------------------------------------------------
Visiting SANSFIRE?? Stop by at IPNet and say Hi ;-)
http://www.sans.org/sansfire2004
----------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
contact: http://johannes.homepc.org/contact.htm
----------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040625/37ecb961/attachment.bin


More information about the list mailing list