![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help]
Re: cais.com, pccwbtn.com accepting spamcop reports or not! (Ellen
?)
Mike Easter
MikeE at ster.invalid
Fri Apr 16 16:22:10 EDT 2004
Mike Easter wrote:
>> Reporting addresses:
>> abuse at cais.com
>> abuse at pccwbtn.com
> The best way to try to make sense is to look at the RIR whois:
>
> whois -h whois.arin.net 66.249.111.42 ...
> Lightwave Transit, Inc. 66.249.108.0 - 66.249.111.255
> AbuseEmail: abuse at lwthosting.com
> NW Internet Group, 66.249.96.0 - 66.249.111.255
> hostmaster at nwig.net
>
> 66.249.111.42 is spamhaus listed, justifying an upstream
>
> Fixedorbit sez the ASN is 32104 which is lwt above and who peers with
> AS32121 -
>
> OrgName: Cable Guys of Cyber
> AbuseEmail: webmaster at cgccorp.net
> no reg'd abuse.net
>
> If we're going to go 'wandering off' - I would rather wander with
> Robban.- which sez the same thing. I don't start getting into cais
> stuff until I start looking at peers of cgc
>
> So, that boils down to me not knowing where SC got that routing, it
> seems too far off. I would have to manufacture a spam to be able to
> find that out. I think I will.
OK, I see where SC is coming from. They aren't happy at the cgc level
so they are looking at cgc peers.
Resolving link obfuscation
http://www.drijous.com/4/6/index.php
host 66.249.111.42 (getting name) no name
Tracking link: http://www.drijous.com/4/6/index.php
Resolves to 66.249.111.42
Routing details for 66.249.111.42
<now, let's jump over there to routing>
Reports routes for 66.249.111.42:
routeid:9799506 66.249.96.0 - 66.249.111.255 to:cais.net at abuse.net
Administrator interested in all reports
Monday, April 12, 2004 6:58:47 AM -0700
[Note added by 216.127.43.94 (sam.julianhaight.com)]
Ref: SBL14959
ROKSO ROK3452
3491 <-- 32121
So, what that routing information is saying is that that deputy IP is
using the negativity found at spamhaus about the cgc 32121 I mentioned
above and notifying in favor of AS3491, which is cais.
You can see the spamhaus rokso handling of the issue here:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL14959
The way spamhaus saw it was to go directly from the IP's /20 and call it
AS32121 - whereas I saw that as AS32104 peering with AS32121 - which is
true - but the routing deputy decided to skip right past 32121 on the
basis of the rokso information to go to 3491
whois -h whois.arin.net as3491 ...
OrgName: CAIS Internet
--
Mike Easter
kibitzer, not SC admin
More information about the SpamCop-Help
mailing list