Jeff G.

Suggestion: Reporting: Notifying all A/CNAME ISPs


Please adjust the Parser to identify all A Records and follow all CNAME Records for spamvertized URLs in order to more completely inform the ISPs of the systems providing spam support services in the form of web services for those URLs. Thanks!

Please adjust the Parser to identify all A Records and follow all CNAME Records for spamvertized URLs in order to more completely inform the ISPs of the systems providing spam support services in the form of web services for those URLs.  Thanks!


An example for why to do this:

4 spam messages, 3 separate domains, each with the same 3 identical 'A' records. Each one parsed showing no "history" for the site (initially) and two different IPs resolved in different reports (instead of all being recognized as a single source/site).

http://www.spamcop.net/sc?id=z713073062z25...a68253f862cbd1z

http://www.spamcop.net/sc?id=z713073168zd1...9790a4a2943187z

http://www.spamcop.net/sc?id=z713073261z96...471c01714160f2z

http://www.spamcop.net/sc?id=z713073168zd1...9790a4a2943187z

% dig '*.sdfkjhwerg.info' any

; <<>> DiG 9.3.0 <<>> *.sdfkjhwerg.info any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27429
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;*.sdfkjhwerg.info. IN ANY

;; ANSWER SECTION:
*.sdfkjhwerg.info. 1200 IN A 65.203.151.193
*.sdfkjhwerg.info. 1200 IN A 211.144.162.61
*.sdfkjhwerg.info. 1200 IN A 211.144.164.201

;; AUTHORITY SECTION:
sdfkjhwerg.info. 1200 IN NS FIRST.darubebam.biz.
sdfkjhwerg.info. 1200 IN NS THIRD.darubebam.biz.
sdfkjhwerg.info. 1200 IN NS SECOND.darubebam.biz.

;; ADDITIONAL SECTION:
FIRST.darubebam.biz. 597 IN A 211.144.164.201
THIRD.darubebam.biz. 599 IN A 211.144.162.61
SECOND.darubebam.biz. 597 IN A 211.144.162.44

;; Query time: 332 msec
;; SERVER: 199.184.245.68#53(199.184.245.68)
;; WHEN: Sat Jan 15 15:29:34 2005
;; MSG SIZE rcvd: 205

% dig '*.sdfkjhwerg.info' any @SECOND.darubebam.biz.

; <<>> DiG 9.3.0 <<>> *.sdfkjhwerg.info any @SECOND.darubebam.biz.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38190
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;*.sdfkjhwerg.info. IN ANY

;; ANSWER SECTION:
*.sdfkjhwerg.info. 1200 IN A 65.203.151.193
*.sdfkjhwerg.info. 1200 IN A 211.144.162.61
*.sdfkjhwerg.info. 1200 IN A 211.144.164.201

;; AUTHORITY SECTION:
sdfkjhwerg.info. 1200 IN NS FIRST.darubebam.biz.
sdfkjhwerg.info. 1200 IN NS SECOND.darubebam.biz.
sdfkjhwerg.info. 1200 IN NS THIRD.darubebam.biz.

;; ADDITIONAL SECTION:
FIRST.darubebam.biz. 1200 IN A 211.144.164.201
SECOND.darubebam.biz. 1200 IN A 211.144.162.44
THIRD.darubebam.biz. 1200 IN A 211.144.162.61

;; Query time: 310 msec
;; SERVER: 211.144.162.44#53(SECOND.darubebam.biz.)
;; WHEN: Sat Jan 15 15:29:44 2005
;; MSG SIZE rcvd: 205

% dig '*.sdfhwbsldf.info' any @SECOND.darubebam.biz.

; <<>> DiG 9.3.0 <<>> *.sdfhwbsldf.info any @SECOND.darubebam.biz.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50388
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;*.sdfhwbsldf.info. IN ANY

;; ANSWER SECTION:
*.sdfhwbsldf.info. 1200 IN A 65.203.151.193
*.sdfhwbsldf.info. 1200 IN A 211.144.162.61
*.sdfhwbsldf.info. 1200 IN A 211.144.164.201

;; AUTHORITY SECTION:
sdfhwbsldf.info. 1200 IN NS FIRST.darubebam.biz.
sdfhwbsldf.info. 1200 IN NS SECOND.darubebam.biz.
sdfhwbsldf.info. 1200 IN NS THIRD.darubebam.biz.

;; ADDITIONAL SECTION:
FIRST.darubebam.biz. 1200 IN A 211.144.164.201
SECOND.darubebam.biz. 1200 IN A 211.144.162.44
THIRD.darubebam.biz. 1200 IN A 211.144.162.61

;; Query time: 315 msec
;; SERVER: 211.144.162.44#53(SECOND.darubebam.biz.)
;; WHEN: Sat Jan 15 15:33:29 2005
;; MSG SIZE rcvd: 205

Edited by get-even
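
An added illustration of the suggestion in this thread (not SpamCop's parser code and not part of either post): collect every A record for each spamvertized host, following CNAMEs, then group hosts whose full address sets match so they are reported as one site. The function names, the `promo.example.test.` alias and the one-level wildcard matching are assumptions made for the example; the A records are the ones shown in the dig output above.

```python
from collections import defaultdict

# A records copied from the dig output in the post; the CNAME line is constructed.
SAMPLE = """\
*.sdfkjhwerg.info. 1200 IN A 65.203.151.193
*.sdfkjhwerg.info. 1200 IN A 211.144.162.61
*.sdfkjhwerg.info. 1200 IN A 211.144.164.201
*.sdfhwbsldf.info. 1200 IN A 65.203.151.193
*.sdfhwbsldf.info. 1200 IN A 211.144.162.61
*.sdfhwbsldf.info. 1200 IN A 211.144.164.201
promo.example.test. 1200 IN CNAME www.sdfkjhwerg.info.
"""
# Hostnames as they might appear in spamvertized URLs (constructed).
HOSTS = ["www.sdfkjhwerg.info.", "www.sdfhwbsldf.info.", "promo.example.test."]

def parse_records(text):
    """Index dig-style 'name ttl IN type rdata' lines by (name, type)."""
    zone = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and not line.startswith(";") and parts[2] == "IN":
            zone[(parts[0].lower(), parts[3])].append(parts[4].lower())
    return zone

def lookup(zone, name, rtype):
    """Exact match first, then the wildcard one label up (simplified matching)."""
    name = name.lower()
    if (name, rtype) in zone:
        return zone[(name, rtype)]
    parent = name.split(".", 1)[1] if "." in name else ""
    return zone.get(("*." + parent, rtype), [])

def all_addresses(zone, host, max_hops=8):
    """Return every A record for host, following CNAMEs along the way."""
    name = host
    for _ in range(max_hops):  # the hop limit also stops CNAME loops
        cname = lookup(zone, name, "CNAME")
        if not cname:
            return frozenset(lookup(zone, name, "A"))
        name = cname[0]
    return frozenset()

def cluster_hosts(zone, hosts):
    """Group hosts whose complete address sets are identical."""
    groups = defaultdict(list)
    for host in hosts:
        groups[all_addresses(zone, host)].append(host)
    return dict(groups)
```

Calling `cluster_hosts(parse_records(SAMPLE), HOSTS)` puts all three hostnames under one key holding the three addresses, which is the full set of hosting ISPs a report would need to cover.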
