08-23-2003, 12:29 PM | #1 (permalink) |
Riiiiight........
|
How do i find out who owns this IP?
Received: from ACNT-SPARE (168-215-59-34.gen.twtelecom.net [168.215.59.34])
or at least get in touch with someone that could help. This bugger has been flooding my email with sobig emails. 3000 in 3 days, at last count. My school account kinda 'filters' it out, by deleting the attachments, and labelling the subject, so I can filter it out using my mail client. BUT i just want this to stop. It's flooding my trash, and not to mention the bounced msgs that i keep getting. HELP!! thanks... |
08-23-2003, 01:06 PM | #2 (permalink) |
God-Hating Liberal
Location: Silicon Valley, CA
|
You don't. You should mail abuse@twtelecom.net
__________________
Nizzle |
08-23-2003, 05:07 PM | #5 (permalink) |
Psycho
|
Or <a href="http://www.whois.net/">whois</a>. Try <a href="http://www.firetrust.com/index.php">this email program</a> that will put that ip on a blacklist. But you really need to report it to Spamcop also. The will want you to forward the emails (headers intact) and they will check it out.
|
08-23-2003, 05:37 PM | #6 (permalink) |
Hello, good evening, and bollocks.
Location: near DC
|
If I remember correctly, the Sobig email addresses are spoofed so that may not be the actual address where they came from.
However, SamSpade: http://www.samspade.org is a good site for learning about IP addresses. definitely contact twtelecom.net's abuse department tho too, they might be able to help. |
08-23-2003, 06:39 PM | #7 (permalink) |
God-Hating Liberal
Location: Silicon Valley, CA
|
ARIN whois information, traceroutes and the like are not going to do you any good. Even if you were, hypothetically, able to track it to someone's home address, what would you do? Go beat them up?
The proper thing to do is to block the IP of the SMTP server with a firewall and either wait it out, or send mail to abuse@twtelecom.net to speed it up. To clear a bit of misinformation about SoBig: It spoofs the "From:" header in the email. The header of an email is supplied by the sender and can be set to anything you want it to be, provided the mail client gives you the option. SoBig is unable to spoof an IP address. Spoofing the src header of a TCP packet is possible, but the handshake-style negotiation would make it impossible to do this over the Internet. The spoofer would need access to your LAN and some sophisticated tools.
__________________
Nizzle |
08-24-2003, 10:18 AM | #8 (permalink) |
Upright
|
This from Arin.net's whois on the address you specified. From it, the proper place to contact is abuse@twtelecom.net
Make sure you forward a copy with complete headers attached.
|
Tags |
find, owns |
|
|