
Suggestion: Reporting: Notifying all A/CNAME ISPs


Jeff G.

Please adjust the Parser to identify all A Records and follow all CNAME Records for spamvertized URLs in order to more completely inform the ISPs of the systems providing spam support services in the form of web services for those URLs. Thanks!


  • 3 weeks later...
Please adjust the Parser to identify all A Records and follow all CNAME Records for spamvertized URLs in order to more completely inform the ISPs of the systems providing spam support services in the form of web services for those URLs.  Thanks!


An example of why to do this:

4 spam messages, 3 separate domains, each with the same 3 identical 'A' records. Each one parsed showing no "history" for the site (initially) and two different IPs resolved in different reports (instead of all being recognized as a single source/site).

http://www.spamcop.net/sc?id=z713073062z25...a68253f862cbd1z

http://www.spamcop.net/sc?id=z713073168zd1...9790a4a2943187z

http://www.spamcop.net/sc?id=z713073261z96...471c01714160f2z

http://www.spamcop.net/sc?id=z713073168zd1...9790a4a2943187z

% dig '*.sdfkjhwerg.info' any

; <<>> DiG 9.3.0 <<>> *.sdfkjhwerg.info any

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27429

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:

;*.sdfkjhwerg.info. IN ANY

;; ANSWER SECTION:

*.sdfkjhwerg.info. 1200 IN A 65.203.151.193

*.sdfkjhwerg.info. 1200 IN A 211.144.162.61

*.sdfkjhwerg.info. 1200 IN A 211.144.164.201

;; AUTHORITY SECTION:

sdfkjhwerg.info. 1200 IN NS FIRST.darubebam.biz.

sdfkjhwerg.info. 1200 IN NS THIRD.darubebam.biz.

sdfkjhwerg.info. 1200 IN NS SECOND.darubebam.biz.

;; ADDITIONAL SECTION:

FIRST.darubebam.biz. 597 IN A 211.144.164.201

THIRD.darubebam.biz. 599 IN A 211.144.162.61

SECOND.darubebam.biz. 597 IN A 211.144.162.44

;; Query time: 332 msec

;; SERVER: 199.184.245.68#53(199.184.245.68)

;; WHEN: Sat Jan 15 15:29:34 2005

;; MSG SIZE rcvd: 205

% dig '*.sdfkjhwerg.info' any @SECOND.darubebam.biz.

; <<>> DiG 9.3.0 <<>> *.sdfkjhwerg.info any @SECOND.darubebam.biz.

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38190

;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:

;*.sdfkjhwerg.info. IN ANY

;; ANSWER SECTION:

*.sdfkjhwerg.info. 1200 IN A 65.203.151.193

*.sdfkjhwerg.info. 1200 IN A 211.144.162.61

*.sdfkjhwerg.info. 1200 IN A 211.144.164.201

;; AUTHORITY SECTION:

sdfkjhwerg.info. 1200 IN NS FIRST.darubebam.biz.

sdfkjhwerg.info. 1200 IN NS SECOND.darubebam.biz.

sdfkjhwerg.info. 1200 IN NS THIRD.darubebam.biz.

;; ADDITIONAL SECTION:

FIRST.darubebam.biz. 1200 IN A 211.144.164.201

SECOND.darubebam.biz. 1200 IN A 211.144.162.44

THIRD.darubebam.biz. 1200 IN A 211.144.162.61

;; Query time: 310 msec

;; SERVER: 211.144.162.44#53(SECOND.darubebam.biz.)

;; WHEN: Sat Jan 15 15:29:44 2005

;; MSG SIZE rcvd: 205

% dig '*.sdfhwbsldf.info' any @SECOND.darubebam.biz.

; <<>> DiG 9.3.0 <<>> *.sdfhwbsldf.info any @SECOND.darubebam.biz.

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50388

;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:

;*.sdfhwbsldf.info. IN ANY

;; ANSWER SECTION:

*.sdfhwbsldf.info. 1200 IN A 65.203.151.193

*.sdfhwbsldf.info. 1200 IN A 211.144.162.61

*.sdfhwbsldf.info. 1200 IN A 211.144.164.201

;; AUTHORITY SECTION:

sdfhwbsldf.info. 1200 IN NS FIRST.darubebam.biz.

sdfhwbsldf.info. 1200 IN NS SECOND.darubebam.biz.

sdfhwbsldf.info. 1200 IN NS THIRD.darubebam.biz.

;; ADDITIONAL SECTION:

FIRST.darubebam.biz. 1200 IN A 211.144.164.201

SECOND.darubebam.biz. 1200 IN A 211.144.162.44

THIRD.darubebam.biz. 1200 IN A 211.144.162.61

;; Query time: 315 msec

;; SERVER: 211.144.162.44#53(SECOND.darubebam.biz.)

;; WHEN: Sat Jan 15 15:33:29 2005

;; MSG SIZE rcvd: 205

Edited by get-even
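
A sketch of the behaviour requested in this thread, added here as an illustration and not taken from the posts or from SpamCop's parser: collect every A record for a spamvertized host, follow CNAMEs (with loop protection), and group hosts that share the same complete address set so they are treated as one site. The `www.` and `shop.example.test.` host names and the CNAME record are constructed; the A records are the ones in the dig answers above.

```python
from collections import defaultdict

# A records copied from the dig answers in the post; the CNAME line is constructed.
RECORDS = """\
*.sdfkjhwerg.info. 1200 IN A 65.203.151.193
*.sdfkjhwerg.info. 1200 IN A 211.144.162.61
*.sdfkjhwerg.info. 1200 IN A 211.144.164.201
*.sdfhwbsldf.info. 1200 IN A 65.203.151.193
*.sdfhwbsldf.info. 1200 IN A 211.144.162.61
*.sdfhwbsldf.info. 1200 IN A 211.144.164.201
shop.example.test. 300 IN CNAME www.sdfkjhwerg.info.
"""

def parse_records(text):
    """Split dig-style answer lines into A and CNAME tables keyed by lowercase owner."""
    a, cname = defaultdict(set), {}
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) != 5:
            continue  # dig comments, or not "owner ttl class type rdata"
        owner, rtype, rdata = fields[0].lower(), fields[3], fields[4]
        if rtype == "A":
            a[owner].add(rdata)
        elif rtype == "CNAME":
            cname[owner] = rdata.lower()
    return a, cname

def lookup(name, table):
    """Exact owner match first, then the closest wildcard owner (*.parent)."""
    labels = name.split(".")
    candidates = [name] + ["*." + ".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    return next((table[c] for c in candidates if c in table), None)

def resolve_all(name, a, cname, max_hops=8):
    """Follow the CNAME chain from name; return every A record at its end."""
    name, seen = name.lower(), set()
    while name not in seen and len(seen) < max_hops:
        seen.add(name)
        target = lookup(name, cname)
        if target is None:
            return frozenset(lookup(name, a) or ())
        name = target
    return frozenset()  # CNAME loop or over-long chain: nothing to report

def group_by_hosting(names, a, cname):
    """Map each complete A-record set to the hosts that resolve to it."""
    groups = defaultdict(list)
    for n in names:
        groups[resolve_all(n, a, cname)].append(n)
    return dict(groups)
```

Each key of the result is the full set of addresses whose network owners would be notified, and every host listed under it belongs in the same report history.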