![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help] Re: THEHOTTESTTHINGAROUND.COM - "Consumer Research
Corp"SPAM
Ellen
nobody at spamcop.net
Tue May 17 10:50:00 EDT 2005
"Steve Johnson" <steevian at yahoo.com> wrote in message
news:mailman.0.1116317184.169.spamcop-help at news.spamcop.net...
>
> Hello Ellen,
>
> Can you please tell me where you were able to find this info and if you
know who to
> talk to at "XO.com" I would appreaciate that info also, I haven't had much
luck with
> them, they gave me a big laugh and 'click' on the phone last time.
The information came from checking route-views using telnet:
http://www.routeviews.org/
You can try http://www.fixedorbit.com/search.htm altho I have found them to
be inaccurate from time to time as they don't seem to update as often as
they should. Once you get the AS number from fixedorbit, you can use this
url to pull up the details from the cidr-report -- just change the number
after the AS in the url to the one you are interested in:
http://www.cidr-report.org/cgi-bin/as-report?as=AS2828&view=4637
halfway down the page is a list of the ranges announced by the ASN. So you
would want to use that to check to see if the block was really announced by
the ASN or if fixedorbit was out of date. There is probably a less painful
way to do this but as I just telnet into route-views I don't know what that
is. You can also try one or more of the looking glass sites -- just remember
that the results you are getting are for that looking glass only; here is a
link to a bunch of them:
http://www.traceroute.org/#Looking Glass
So for example you could try the qwest USA one and put in the IP and select
BGP for the query type. You might want to try a few of them geographically
scattered to make sure that you got complete information. You can then look
up the ASNs at fixedorbit to see who they belong to or use ARIN/RIPE/etc to
look up that information. In any case you need to sanity check the
information that you have gathered.
>
> The listing at SPAMHAUS
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL12587 refers
> to a different range, are you suggesting "Quang Dangtran - Whoa Medical"
is
> responsible for this?
yes
The Rokso listing is for the /20:
Address Range 69.67.64.0 - 69.67.79.255What I rerouted was
69.67.72.0/2169.67.72.0 - 69.67.79.255Which is a subset of the /20.I see
69.67.64.0/21 as being announced by AS701 which is mci.com. XO should be
well aware of what is happening -- there are over 3000 reports for the last
week for 69.67.72.0/24.
>
> Any idea on who "Roger Graves DATAMONITOR-BUSSINESS-INFORMATION" is??
nope, no idea -- I tend to not be able to keep track of the names and
aliases of all those spammers as I am, in general, very bad at retaining
names. A select few however I have no problem with :-)
Ellen
More information about the SpamCop-Help
mailing list