oldskoolflash Posted August 23, 2006

A few times I have parsed spam emails and hit a "whois" brick wall. The reporting address clearly belongs to the spammer and there seems to be no way of finding the host's host. Is this a very difficult process to do?

For example, this morning I have received spam referencing the sites:

http://delicateperformance.org/ AND http://www.cheerfultune.org (google redirectors removed)

Both resolve to: 200.79.160.7 = [ npm.vpnmexico.net ]

Reporting address carlos.vargas[at]VPNMEXICO.NET hmmmmm I don't think so!

Also, vpnmexico.net does not have a website (pretty suspicious for a host, I'd say).

inetnum: 200.79.160/20
status: reallocated
owner: Infraestructura de Telecomunicaciones Inalambrica
ownerid: MX-ITIN-LACNIC
responsible: Carlos Andres Vargas Salas
address: Paseo de la Reforma 2608 21 PISO
address: 11950 - Mexico - DF
country: MX
phone: 52 55 52164200 [4300]
owner-c: CAV
tech-c: CAV
created: 20021209
changed: 20021209
inetnum-up: 200.79/16

nic-hdl: CAV
person: Carlos Andres Vargas
e-mail: carlos.vargas[at]VPNMEXICO.NET
address: Paseo de la Reforma 2608 21 PISO
address: 11950 - Mexico - DF
country: MX
phone: 52 55 52164200 [4300]
created: 20021209
changed: 20041207

turetzsr Posted August 24, 2006

> A few times I have parsed spam emails and hit a "whois" brick wall. The reporting address clearly belongs to the spammer and there seems to be no way of finding the host's host. Is this a very difficult process to do?
> For example, this morning I have received spam referencing the sites:
> http://delicateperformance.org/ AND http://www.cheerfultune.org (google redirectors removed)
> Both resolve to: 200.79.160.7 = [ npm.vpnmexico.net ]
> <snip>

...Normally, performing a 'tracert' command for the IP address provides the path which a message takes to get to that IP address, but I am getting a bunch of timeouts right now.

Wazoo Posted August 25, 2006

08/24/06 20:11:25 Slow traceroute 200.79.160.7
Trace 200.79.160.7 ...
144.232.9.136 RTT: 41ms TTL:144 (sl-st20-dal-1-0.sprintlink.net ok)
144.223.244.154 RTT: 43ms TTL:144 (sl-mexic1-3-0.sprintlink.net bogus rDNS: host not found [authoritative])
200.53.127.45 RTT: 43ms TTL:144 (host112045.metrored.net.mx bogus rDNS: host not found [authoritative])
201.148.152.10 RTT: 90ms TTL:144 (Giga1-3.NMU-COR-R02.metrored.net.mx bogus rDNS: host not found [authoritative])
200.57.17.141 RTT: 73ms TTL:144 (unknown.bestel.com.mx bogus rDNS: host not found [authoritative])
200.79.160.7 RTT: 76ms TTL:111 (npm.vpnmexico.net ok)

08/24/06 20:17:17 Browsing http://npm.vpnmexico.net/
Fetching http://npm.vpnmexico.net/ ...
GET / HTTP/1.1
Host: npm.vpnmexico.net

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
...
<body><h1>Object Moved</h1>This object may be found <a HREF="/Login.asp">here</a>.</body>

08/24/06 20:19:21 Browsing http://vpnmexico.net/
No such server as vpnmexico.net

08/24/06 20:21:37 Fetching http://npm.vpnmexico.net/Login.asp
Fetching http://npm.vpnmexico.net/Login.asp ...
GET /Login.asp HTTP/1.1
Host: npm.vpnmexico.net

<title>SolarWinds Network Management</title>

whois.lacnic.net is not offering up an AS number .. hmmmm ....

oldskoolflash (Author) Posted August 29, 2006

> <title>SolarWinds Network Management</title>
> whois.lacnic.net is not offering up an AS number .. hmmmm ....

Many thanks, guys. Sorry for being a bit slow, but presumably SolarWinds Network management is the upstream ISP? And what is an AS number? Also, is traceroute a DOS command? Many thanks.

StevenUnderwood Posted August 29, 2006

> Also, is traceroute a DOS command?

The Windows Command Prompt (DOS) equivalent is tracert
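
Added example, not part of any post in this thread: a small check over the LACNIC record quoted in the first post, for deciding when an abuse report should go to the parent block instead of the listed contact. It assumes `inetnum-up` names the parent allocation the range was reallocated from; the function names `expand`, `parse` and `assess` are hypothetical.

```python
import ipaddress

# Constructed sample: fields copied from the LACNIC record in the first post.
SAMPLE = """\
inetnum: 200.79.160/20
status: reallocated
inetnum-up: 200.79/16
e-mail: carlos.vargas[at]VPNMEXICO.NET
"""

def expand(block):
    """Expand LACNIC's short CIDR form (200.79/16) into a full network."""
    addr, prefix = block.split("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + prefix)

def parse(text):
    """Collect 'key: value' lines; repeated keys keep every value."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec

def assess(text, ip, rdns):
    """Check the record against the spamvertised host (hypothetical helper)."""
    rec = parse(text)
    block = expand(rec["inetnum"][0])
    parent = expand(rec["inetnum-up"][0]) if "inetnum-up" in rec else None
    # Simplification (assumption): last two labels form the registered domain.
    host_domain = ".".join(rdns.lower().split(".")[-2:])
    contacts = [c.lower().replace("[at]", "@") for c in rec.get("e-mail", [])]
    same = [c for c in contacts if c.rsplit("@", 1)[-1] == host_domain]
    return {
        "ip_in_block": ipaddress.ip_address(ip) in block,
        "parent": str(parent) if parent is not None else None,
        "parent_covers_block": parent is not None and block.subnet_of(parent),
        "contacts_in_host_domain": same,
        # Every listed contact sits in the host's own domain: report upstream.
        "escalate_to_parent": bool(contacts) and len(same) == len(contacts),
    }

if __name__ == "__main__":
    for key, value in assess(SAMPLE, "200.79.160.7", "npm.vpnmexico.net").items():
        print(f"{key}: {value}")
```

When `escalate_to_parent` is true, the next whois query is for the `parent` range, whose owner is the network the reallocated block was carved from.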
Archived
This topic is now archived and is closed to further replies.