[SpamCop-List] Strange IP Shenanigans

Berny bar_n0ne at hotmail.com
Mon Feb 7 10:44:46 EST 2005


Folks,

I received a spam that would be reported to Nomaster so I did traceroutes on
the sending IP and various IPs and domains of spamvertizements contained
within.

for the sending ID:
.....
7  t2a5-s12-0-0.uk-lon2.eu.bt.net (166.49.189.217)  197.155 ms  176.167 ms
161.428 ms
 8  t2c1-ge7-0.uk-lon2.eu.bt.net (166.49.176.43)  196.525 ms  173.287 ms
172.403 ms
 9  t2c1-p4-2.uk-ilf.eu.bt.net (166.49.195.121)  177.554 ms  176.383 ms
186.296 ms
10  sl-gw10-lon-6-1.sprintlink.net (213.206.159.45)  178.554 ms  201.362 ms
284.450 ms
11  sl-bb21-lon-8-0.sprintlink.net (213.206.128.45)  620.861 ms  194.753 ms
166.440 ms
12  sl-bb21-tuk-10-0.sprintlink.net (144.232.19.69)  424.299 ms  265.057 ms
248.593 ms
13  sl-bb20-tuk-15-0.sprintlink.net (144.232.20.132)  245.228 ms  240.330 ms
250.211 ms
14  sl-bb21-rly-14-3.sprintlink.net (144.232.20.122)  253.367 ms  268.676 ms
243.227 ms
15  sl-bb22-rly-13-0.sprintlink.net (144.232.7.254)  246.981 ms  254.829 ms
280.305 ms
16  sl-bb22-sj-10-0.sprintlink.net (144.232.20.186)  347.138 ms  404.169 ms
302.793 ms
17  sl-bb21-sj-14-0.sprintlink.net (144.232.3.161)  325.654 ms  310.777 ms
310.902 ms
18  sl-bb24-sj-12-0.sprintlink.net (144.232.3.202)  449.792 ms  518.301 ms
423.173 ms
19  sl-bb20-ana-6-0.sprintlink.net (144.232.20.100)  451.514 ms  346.863 ms
480.227 ms
20  sl-gw29-ana-0-0.sprintlink.net (144.232.1.146)  333.509 ms  323.873 ms
343.242 ms
21  sl-china1-6-0.sprintlink.net (144.228.74.222)  416.712 ms *  413.998 ms
22  202.97.51.161 (202.97.51.161)  614.736 ms  615.309 ms  620.855 ms
23  * 202.97.33.137 (202.97.33.137)  757.847 ms  707.643 ms
24  202.97.43.146 (202.97.43.146)  687.170 ms  704.135 ms  701.639 ms
25  219.133.30.238 (219.133.30.238)  687.404 ms  709.482 ms  733.614 ms
26  219.133.30.186 (219.133.30.186)  753.215 ms  703.368 ms  745.979 ms
     MPLS Label=2001 CoS=1 TTL=1 S=0
27  218.17.200.2 (218.17.200.2)  705.011 ms  773.676 ms  768.691 ms
28  218.17.200.66 (218.17.200.66)  740.981 ms  738.705 ms  747.095 ms
29  219.133.144.104 (219.133.144.104)  644.078 ms  638.923 ms  628.974 ms

what is the meaning of the crap after #21?

and does this mean sprintlink is upstream? (funny how everything points to
china too)

And moreover, how does that whole last IP-range not resolve to anybody at
all? APNIC shows nothing according to SC. And with latencies of almost a
second on the last half dozen hops, their clients must be really patient and
desperate for their enlargement/cialis/medz.

and more weirdness here:
....
 9  t2c1-p4-2.uk-ilf.eu.bt.net (166.49.195.121)  198.903 ms  214.144 ms
250.334 ms
10  sl-gw10-lon-6-0.sprintlink.net (213.206.159.41)  254.368 ms  182.771 ms
164.799 ms
11  sl-bb21-lon-8-0.sprintlink.net (213.206.128.45)  228.248 ms  181.914 ms
173.551 ms
12  sl-bb21-tuk-10-0.sprintlink.net (144.232.19.69)  240.490 ms  242.108 ms
235.734 ms
13  sl-bb20-tuk-15-0.sprintlink.net (144.232.20.132)  241.860 ms  243.348 ms
236.137 ms
14  sl-bb21-rly-15-1.sprintlink.net (144.232.20.120)  244.980 ms  238.586 ms
250.987 ms
15  sl-bb22-rly-13-0.sprintlink.net (144.232.7.254)  253.088 ms  239.355 ms
240.733 ms
16  sl-bb22-sj-10-0.sprintlink.net (144.232.20.186)  390.602 ms  439.534 ms
494.113 ms
17  sl-bb21-sj-14-0.sprintlink.net (144.232.3.161)  394.319 ms  322.653 ms
304.174 ms
18  sl-bb24-sj-12-0.sprintlink.net (144.232.3.202)  411.679 ms  521.960 ms
476.249 ms
19  sl-bb20-ana-6-0.sprintlink.net (144.232.20.100)  501.953 ms  360.368 ms
315.277 ms
20  sl-gw29-ana-0-0.sprintlink.net (144.232.1.146)  320.402 ms  341.509 ms
831.151 ms
21  sl-china1-6-0.sprintlink.net (144.228.74.222)  450.880 ms  405.320 ms
406.450 ms
22  202.97.51.225 (202.97.51.225)  714.998 ms *  718.165 ms
23  202.97.53.81 (202.97.53.81)  720.374 ms * *
24  202.97.54.86 (202.97.54.86)  701.926 ms *  700.652 ms
25  * 219.148.18.229 (219.148.18.229)  703.050 ms  703.862 ms
26  219.148.18.42 (219.148.18.42)  728.494 ms  735.093 ms *
27  219.148.124.3 (219.148.124.3)  713.758 ms * *
28  222.223.134.242 (222.223.134.242)  706.593 ms  701.746 ms *
29  * * *
30  222.223.134.252 (222.223.134.252)  619.768 ms  578.863 ms  643.087 ms

(spamvertized site)

what's with line 29?

and one more:

10  t2c2-p4-0.us-nyb.eu.bt.net (166.49.164.50)  251.477 ms  250.698 ms
254.094 ms
11  aer1-gigabitethernet2-6.newyork.savvis.net (208.173.135.157)  255.718 ms
256.580 ms  262.091 ms
12  dcr3-ae2.newyork.savvis.net (208.174.228.9)  271.332 ms  275.952 ms
268.325 ms
13  dcr2-loopback.losangeles.savvis.net (208.172.34.108)  323.020 ms
324.528 ms dcr1-loopback.losangeles.savvis.net (208.172.34.107)  323.757 ms
14  aer1-port-channel-1-0.losangeles.savvis.net (208.172.47.12)  340.630 ms
dcr1-ae2-0.losangeles.savvis.net (208.172.47.77)  362.356 ms  339.017 ms
15  china-telecommunications-corporation.losangeles.savvis.net
(208.173.55.198)  444.026 ms  450.765 ms *
16  * 202.97.49.129 (202.97.49.129)  441.309 ms *
17  202.97.51.161 (202.97.51.161)  612.536 ms  609.820 ms  608.977 ms
18  202.97.33.149 (202.97.33.149)  614.105 ms  609.655 ms  609.977 ms
19  222.176.2.225 (222.176.2.225)  741.350 ms  737.360 ms  734.106 ms
20  * 222.176.2.17 (222.176.2.17)  723.363 ms  726.638 ms
     MPLS Label=130087 CoS=1 TTL=1 S=0
21  * 222.176.3.98 (222.176.3.98)  719.627 ms  722.121 ms
22  222.177.192.158 (222.177.192.158)  753.977 ms  740.857 ms  740.847 ms
23  61.186.170.65 (61.186.170.65)  737.107 ms  735.615 ms  737.366 ms
24  * * *
25  * * *
26  * * *
27  211.144.164.194 (211.144.164.194)  733.955 ms  780.828 ms  784.441 ms
28  * * *
29  211.144.164.202 (211.144.164.202)  631.204 ms  634.349 ms  631.466 ms


more of those lines with "* * *"

and is savvis the upstream for china telecom?
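
Added example, not part of the original post: a small Python parser for traceroute output like the traces above. It folds the mail-wrapped lines back into their hops, then reports the last hop with a reverse-DNS name, the hops that sent no reply although later hops did, and the largest rise in best-case round-trip time. The function names are hypothetical; the sample lines are copied from the post's second trace.

```python
import re

# Hops 20-23 and 28-30 of the post's second trace (24-27 omitted), mail wrapping as posted.
SAMPLE = """\
20  sl-gw29-ana-0-0.sprintlink.net (144.232.1.146)  320.402 ms  341.509 ms
831.151 ms
21  sl-china1-6-0.sprintlink.net (144.228.74.222)  450.880 ms  405.320 ms
406.450 ms
22  202.97.51.225 (202.97.51.225)  714.998 ms *  718.165 ms
23  202.97.53.81 (202.97.53.81)  720.374 ms * *
28  222.223.134.242 (222.223.134.242)  706.593 ms  701.746 ms *
29  * * *
30  222.223.134.252 (222.223.134.252)  619.768 ms  578.863 ms  643.087 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(\S.*)$")                    # "<hop number>  <rest>"
HOST = re.compile(r"(\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)")   # "name (a.b.c.d)"
RTT = re.compile(r"(\d+\.\d+) ms")

def parse(text):
    """One dict per hop; wrapped lines and MPLS notes fold into the hop above."""
    raw = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            raw.append([int(m.group(1)), m.group(2)])
        elif raw and line.strip():
            raw[-1][1] += " " + line.strip()
    return [{"hop": n,
             "hosts": HOST.findall(body),   # (name, ip); name == ip means no PTR record
             "rtts": [float(x) for x in RTT.findall(body)],
             "lost": body.split().count("*")} for n, body in raw]

def last_named_hop(hops):
    """Last hop whose responder has a reverse-DNS name distinct from its address."""
    named = [h for h in hops if any(name != ip for name, ip in h["hosts"])]
    return named[-1] if named else None

def silent_but_forwarding(hops):
    """Hops with no reply at all that are followed by a hop that did reply."""
    last_reply = max((h["hop"] for h in hops if h["hosts"]), default=0)
    return [h["hop"] for h in hops if not h["hosts"] and h["hop"] < last_reply]

def biggest_rtt_jump(hops):
    """(from_hop, to_hop, ms): largest rise in best-case RTT between replying hops."""
    seen = [(h["hop"], min(h["rtts"])) for h in hops if h["rtts"]]
    return max(((a, b, round(y - x, 3)) for (a, x), (b, y) in zip(seen, seen[1:])),
               key=lambda t: t[2])
```

On this sample, `silent_but_forwarding` returns hop 29: that router returned nothing within the probe timeout, yet hop 30 answered, so packets were still being forwarded through it.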



