![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help] Re: How to identify upstream for 65.182.128.220?
RW
nobody at spamcop.net
Sun Apr 18 01:49:48 EDT 2004
Sergey wrote:
>
> I am still pretty confused about how to read traceroutes when there are gaps
> inbetween the hops. Here's one that I did for 65.182.128.220 trying to
> identify their upstream:
> Tracing from Opus One to 65.182.128.220
As Mike posted, there are three or four apparent networks in the
tracroute before the destination server. However, bgp routing tables
show the /20 is announced by Level3. The hops between the Level3
gateway and the destination may be upstream providers, could be forged
(Marin is good for that) or could be different blocks under the control
of the same spammer.
BTW, in answer to your original question, by "blanks", I take it you
mean the starts in the trace. Those indicate timeouts... the server
didn't respond to the request either because it is running slow (where
one or two stars exist) or is set to not respond to pings (where there
are three stars).
Richard
More information about the SpamCop-Help
mailing list