[thelist] DNS: Security and Networking
Anthony Baratta
Anthony at Baratta.com
Wed Jul 16 22:15:17 CDT 2003

At 07:14 PM 7/16/2003, Frank wrote:

>Some yahoo, probably a professional spammer, is hammering away at my
>machine 24 hours a day, trying to get my SMTP to relay for him/her/it. I'm
>trying to get to the root of who this person is, but a trace route
>demonstrates a long trail of false reverse DNS entries.

Do you have access to the router that serves your co-lo boxes? If you own
it, or you can get your ISP to configure it - you can have the attacking IP
dropped from the route so it never gets to your boxes.

While you are pestering your ISP, send some email with cuts from your logs
to the ISP responsible for the IP:

C:\>nslookup 61.30.21.210
Server:  dns1.sktnca.sbcglobal.net
Address:  64.169.140.6

Name:    210.21.30.61.isp.tfn.net.tw
Address:  61.30.21.210

http://www.apnic.net/apnic-bin/whois.pl

inetnum:  61.30.0.0 - 61.30.255.255
netname:  TFN-NET
descr:    Taiwan Fixed Network CO.,LTD.
descr:    7FI., No. 498, Ruei-Guang Rd., Nei-Hu
descr:    Taipei Taiwan 114.
country:  TW
admin-c:  TT164-AP
tech-c:   SH376-AP
mnt-by:   MAINT-TW-TWNIC
changed:  cwkuo at twnic.net.tw 20020425
status:   ALLOCATED PORTABLE
source:   APNIC

You can send the email to abuse at twnic.net. Hopefully they will respond.

---
Anthony Baratta
President
Keyboard Jockeys
"Conformity is the refuge of the unimaginative."
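
Added example, not part of the original message: a Python sketch of the reporting step described above. It parses the whois record quoted in the reply, confirms the offending IP really falls inside that inetnum range, and gathers the matching log lines for the complaint. The log lines and their layout are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# whois record as quoted in the message above.
WHOIS_TEXT = """\
inetnum: 61.30.0.0 - 61.30.255.255
netname: TFN-NET
descr: Taiwan Fixed Network CO.,LTD.
descr: 7FI., No. 498, Ruei-Guang Rd., Nei-Hu
descr: Taipei Taiwan 114.
country: TW
admin-c: TT164-AP
tech-c: SH376-AP
mnt-by: MAINT-TW-TWNIC
changed: cwkuo at twnic.net.tw 20020425
status: ALLOCATED PORTABLE
source: APNIC
"""

# Constructed sample log lines; the "timestamp client-ip verdict" layout is hypothetical.
LOG_LINES = [
    "2003-07-16T19:02:11 61.30.21.210 RCPT relay denied",
    "2003-07-16T19:02:14 61.30.21.210 RCPT relay denied",
    "2003-07-16T19:05:40 192.0.2.15 RCPT accepted",
]

def parse_whois(text):
    """Parse 'key: value' lines; repeated keys such as descr keep their order."""
    record = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            record[key.strip().lower()].append(value.strip())
    return dict(record)

def ip_in_inetnum(ip, inetnum):
    """True if ip lies inside a 'first - last' inetnum range."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return first <= ipaddress.ip_address(ip) <= last

def build_report(ip, whois_text, log_lines):
    """Return the report text, or None if the whois record does not cover ip."""
    rec = parse_whois(whois_text)
    if not ip_in_inetnum(ip, rec["inetnum"][0]):
        return None  # wrong record: do not complain to an unrelated network
    evidence = [l for l in log_lines if l.split()[1:2] == [ip]]
    head = f"Relay attempts from {ip} ({rec['netname'][0]}, {rec['source'][0]}): {len(evidence)}"
    contacts = "Contacts: " + ", ".join(rec["admin-c"] + rec["tech-c"])
    return "\n".join([head, contacts] + evidence)
```
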