Jeff G. Posted December 28, 2004 Posted December 28, 2004 Please adjust the Parser to identify all A Records and follow all CNAME Records for spamvertized URLs in order to more completely inform the ISPs of the systems providing spam support services in the form of web services for those URLs. Thanks!
get-even Posted January 16, 2005 Posted January 16, 2005 Please adjust the Parser to identify all A Records and follow all CNAME Records for spamvertized URLs in order to more completely inform the ISPs of the systems providing spam support services in the form of web services for those URLs. Thanks! 21918[/snapback] An example for why to do this: 4 spam messages, 3 separate domains, each with the same 3 identical 'A' records. Each one parsed showing no "history" for the site (initially) and two different IPs resolved in different reports (instead of all being recognized as a single source/site). http://www.spamcop.net/sc?id=z713073062z25...a68253f862cbd1z http://www.spamcop.net/sc?id=z713073168zd1...9790a4a2943187z http://www.spamcop.net/sc?id=z713073261z96...471c01714160f2z http://www.spamcop.net/sc?id=z713073168zd1...9790a4a2943187z % dig '*.sdfkjhwerg.info' any ; <<>> DiG 9.3.0 <<>> *.sdfkjhwerg.info any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27429 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;*.sdfkjhwerg.info. IN ANY ;; ANSWER SECTION: *.sdfkjhwerg.info. 1200 IN A 65.203.151.193 *.sdfkjhwerg.info. 1200 IN A 211.144.162.61 *.sdfkjhwerg.info. 1200 IN A 211.144.164.201 ;; AUTHORITY SECTION: sdfkjhwerg.info. 1200 IN NS FIRST.darubebam.biz. sdfkjhwerg.info. 1200 IN NS THIRD.darubebam.biz. sdfkjhwerg.info. 1200 IN NS SECOND.darubebam.biz. ;; ADDITIONAL SECTION: FIRST.darubebam.biz. 597 IN A 211.144.164.201 THIRD.darubebam.biz. 599 IN A 211.144.162.61 SECOND.darubebam.biz. 597 IN A 211.144.162.44 ;; Query time: 332 msec ;; SERVER: 199.184.245.68#53(199.184.245.68) ;; WHEN: Sat Jan 15 15:29:34 2005 ;; MSG SIZE rcvd: 205 % dig '*.sdfkjhwerg.info' any [at]SECOND.darubebam.biz. ; <<>> DiG 9.3.0 <<>> *.sdfkjhwerg.info any [at]SECOND.darubebam.biz. ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38190 ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;*.sdfkjhwerg.info. IN ANY ;; ANSWER SECTION: *.sdfkjhwerg.info. 1200 IN A 65.203.151.193 *.sdfkjhwerg.info. 1200 IN A 211.144.162.61 *.sdfkjhwerg.info. 1200 IN A 211.144.164.201 ;; AUTHORITY SECTION: sdfkjhwerg.info. 1200 IN NS FIRST.darubebam.biz. sdfkjhwerg.info. 1200 IN NS SECOND.darubebam.biz. sdfkjhwerg.info. 1200 IN NS THIRD.darubebam.biz. ;; ADDITIONAL SECTION: FIRST.darubebam.biz. 1200 IN A 211.144.164.201 SECOND.darubebam.biz. 1200 IN A 211.144.162.44 THIRD.darubebam.biz. 1200 IN A 211.144.162.61 ;; Query time: 310 msec ;; SERVER: 211.144.162.44#53(SECOND.darubebam.biz.) ;; WHEN: Sat Jan 15 15:29:44 2005 ;; MSG SIZE rcvd: 205 % dig '*.sdfhwbsldf.info' any [at]SECOND.darubebam.biz. ; <<>> DiG 9.3.0 <<>> *.sdfhwbsldf.info any [at]SECOND.darubebam.biz. ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50388 ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;*.sdfhwbsldf.info. IN ANY ;; ANSWER SECTION: *.sdfhwbsldf.info. 1200 IN A 65.203.151.193 *.sdfhwbsldf.info. 1200 IN A 211.144.162.61 *.sdfhwbsldf.info. 1200 IN A 211.144.164.201 ;; AUTHORITY SECTION: sdfhwbsldf.info. 1200 IN NS FIRST.darubebam.biz. sdfhwbsldf.info. 1200 IN NS SECOND.darubebam.biz. sdfhwbsldf.info. 1200 IN NS THIRD.darubebam.biz. ;; ADDITIONAL SECTION: FIRST.darubebam.biz. 1200 IN A 211.144.164.201 SECOND.darubebam.biz. 1200 IN A 211.144.162.44 THIRD.darubebam.biz. 1200 IN A 211.144.162.61 ;; Query time: 315 msec ;; SERVER: 211.144.162.44#53(SECOND.darubebam.biz.) ;; WHEN: Sat Jan 15 15:33:29 2005 ;; MSG SIZE rcvd: 205
Recommended Posts
Archived
This topic is now archived and is closed to further replies.