[thelist] DNS: Security and Networking

Anthony Baratta Anthony at Baratta.com
Wed Jul 16 22:15:17 CDT 2003


At 07:14 PM 7/16/2003, Frank wrote:

>Some yahoo, probably a professional spammer, is hammering away at my 
>machine 24 hours a day, trying to get my SMTP to relay for him/her/it. I'm 
>trying to get to the root of who this person is, but a trace route 
>demonstrates a long trail of false reverse DNS entries.

Do you have access to the router that serves your co-lo boxes? If you own 
it, or you can get your ISP to configure it - you can have the attacking IP 
dropped from the route so it never gets to your boxes.

While you are pestering your ISP, send some email with cuts from your logs 
to the ISP responsible for the IP:

C:\>nslookup 61.30.21.210
Server:  dns1.sktnca.sbcglobal.net
Address:  64.169.140.6

Name:    210.21.30.61.isp.tfn.net.tw
Address:  61.30.21.210

http://www.apnic.net/apnic-bin/whois.pl

inetnum:      61.30.0.0 - 61.30.255.255
netname:      TFN-NET
descr:        Taiwan Fixed Network CO.,LTD.
descr:        7FI., No. 498, Ruei-Guang Rd., Nei-Hu
descr:        Taipei Taiwan 114.
country:      TW
admin-c:      TT164-AP
tech-c:       SH376-AP
mnt-by:       MAINT-TW-TWNIC
changed:      cwkuo at twnic.net.tw 20020425
status:       ALLOCATED PORTABLE
source:       APNIC

You can send the email to abuse at twnic.net. Hopefully they will respond.

---
Anthony Baratta
President
Keyboard Jockeys

"Conformity is the refuge of the unimaginative."

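The lookup-and-report steps in the message above, as an added Python example that is not part of the original post: it parses the quoted whois record, confirms the offending address falls inside the listed inetnum range, and pulls the matching log lines for the abuse report. The log lines and their format are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Whois record as quoted in the message (RPSL "key: value" lines, abridged).
WHOIS_TEXT = """\
inetnum:      61.30.0.0 - 61.30.255.255
netname:      TFN-NET
descr:        Taiwan Fixed Network CO.,LTD.
country:      TW
admin-c:      TT164-AP
tech-c:       SH376-AP
source:       APNIC
"""

# Constructed log lines; the format is hypothetical, not from any real MTA.
SAMPLE_LOG = """\
2003-07-16 19:02:11 connect from 61.30.21.210 rcpt=<a@example.net> relay denied
2003-07-16 19:02:12 connect from 161.30.21.210 rcpt=<b@example.net> accepted
2003-07-16 19:02:15 connect from 61.30.21.210 rcpt=<c@example.net> relay denied
"""

def parse_rpsl(text):
    """Parse whois 'key: value' lines into a dict of lists (keys can repeat)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith(("%", "#")):
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def covers(record, ip):
    """True if the record's inetnum range contains ip."""
    first, _, last = record["inetnum"][0].partition("-")
    lo, hi = (ipaddress.ip_address(p.strip()) for p in (first, last))
    return lo <= ipaddress.ip_address(ip) <= hi

def log_cuts(log, ip):
    """Lines mentioning exactly this IP (161.30.21.210 must not match)."""
    pat = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\.?\d)")
    return [ln for ln in log.splitlines() if pat.search(ln)]

def build_report(whois_text, log, ip):
    """Assemble the abuse-report body; refuse if whois does not cover ip."""
    rec = parse_rpsl(whois_text)
    if not covers(rec, ip):
        raise ValueError(f"{ip} is outside {rec['inetnum'][0]}")
    head = f"Relay attempts from {ip} ({rec['netname'][0]}, {rec['country'][0]})"
    return "\n".join([head, ""] + log_cuts(log, ip))
```

The range check guards against sending a report to the wrong network when a whois result is pasted for a different address, and the anchored match keeps unrelated hosts' log lines out of the excerpt.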

