How do i find out who owns this IP? - Tilted Forum Project Discussion Community

dimbulb · 08-23-2003, 12:29 PM

Received: from ACNT-SPARE (168-215-59-34.gen.twtelecom.net [168.215.59.34])

or at least get in touch with someone that could help. This bugger has been flooding my email with sobig emails. 3000 in 3 days, at last count.

My school account kinda 'filters' it out, by deleting the attachments, and labelling the subject, so I can filter it out using my mail client. BUT i just want this to stop. It's flooding my trash, and not to mention the bounced msgs that i keep getting.

HELP!!

thanks...

Nizzle · 08-23-2003, 01:06 PM

You don't. You should mail abuse@twtelecom.net

Mad_Gecko · 08-23-2003, 02:21 PM

This is an IP tracker:

Track My IP

Enter the IP...

But they prob. spoofed it!

silenced · 08-23-2003, 05:05 PM

its not spoofed, thats the ip of it, it only spoof's email addresses.

poof · 08-23-2003, 05:07 PM

Or <a href="http://www.whois.net/">whois</a>. Try <a href="http://www.firetrust.com/index.php">this email program</a> that will put that ip on a blacklist. But you really need to report it to Spamcop also. The will want you to forward the emails (headers intact) and they will check it out.

Fearless_Hyena · 08-23-2003, 05:37 PM

If I remember correctly, the Sobig email addresses are spoofed so that may not be the actual address where they came from.

However, SamSpade:
http://www.samspade.org

is a good site for learning about IP addresses.

definitely contact twtelecom.net's abuse department tho too, they might be able to help.

Nizzle · 08-23-2003, 06:39 PM

ARIN whois information, traceroutes and the like are not going to do you any good. Even if you were, hypothetically, able to track it to someone's home address, what would you do? Go beat them up?

The proper thing to do is to block the IP of the SMTP server with a firewall and either wait it out, or send mail to abuse@twtelecom.net to speed it up.

To clear a bit of misinformation about SoBig: It spoofs the "From:" header in the email. The header of an email is supplied by the sender and can be set to anything you want it to be, provided the mail client gives you the option.

SoBig is unable to spoof an IP address.

Spoofing the src header of a TCP packet is possible, but the handshake-style negotiation would make it impossible to do this over the Internet. The spoofer would need access to your LAN and some sophisticated tools.

MMM-A · 08-24-2003, 10:18 AM

This from Arin.net's whois on the address you specified. From it, the proper place to contact is abuse@twtelecom.net

Make sure you forward a copy with complete headers attached.

OrgName: Time Warner Telecom
OrgID: TWTC
Address: 10475 Park Meadows Drive
City: Littleton
StateProv: CO
PostalCode: 80124
Country: US

NetRange: 168.215.0.0 - 168.215.255.255
CIDR: 168.215.0.0/16
NetName: TWTELECOM-COM
NetHandle: NET-168-215-0-0-1
Parent: NET-168-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.MILW.TWTELECOM.NET
NameServer: NS1.IPLT.TWTELECOM.NET
NameServer: NS1.ORNG.TWTELECOM.NET
Comment:
RegDate: 2000-11-28
Updated: 2001-09-26

TechHandle: ZT87-ARIN
TechName: Time Warner Telecom
TechPhone: +1-800-898-6473
TechEmail: ipmanager@twtelecom.net

OrgAbuseHandle: TWTAD-ARIN
OrgAbuseName: Time Warner Telecom Abuse Desk
OrgAbusePhone: +1-800-898-6473
OrgAbuseEmail: abuse@twtelecom.net

OrgNOCHandle: TDN1-ARIN
OrgNOCName: TWTC Data NOC
OrgNOCPhone: +1-800-898-6473
OrgNOCEmail: support@twtelecom.net

OrgTechHandle: NST12-ARIN
OrgTechName: NOC SWIP Team
OrgTechPhone: +1-800-898-6473
OrgTechEmail: swip@twtelecom.com

# ARIN WHOIS database, last updated 2003-08-23 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

08-23-2003, 12:29 PM	#1 (permalink)
dimbulb Riiiiight........	How do i find out who owns this IP? Received: from ACNT-SPARE (168-215-59-34.gen.twtelecom.net [168.215.59.34]) or at least get in touch with someone that could help. This bugger has been flooding my email with sobig emails. 3000 in 3 days, at last count. My school account kinda 'filters' it out, by deleting the attachments, and labelling the subject, so I can filter it out using my mail client. BUT i just want this to stop. It's flooding my trash, and not to mention the bounced msgs that i keep getting. HELP!! thanks...

08-23-2003, 01:06 PM	#2 (permalink)
Nizzle God-Hating Liberal Location: Silicon Valley, CA	You don't. You should mail abuse@twtelecom.net __________________ Nizzle

08-23-2003, 02:21 PM	#3 (permalink)
Mad_Gecko Pro Libertate Location: City Gecko	This is an IP tracker: Track My IP Enter the IP... But they prob. spoofed it! __________________ [color=bright blue]W[/color]e Stick To Glass "If three of us travel together, I shall find two teachers." Confucious

08-23-2003, 05:05 PM	#4 (permalink)
silenced Crazy Location: Upstate NY	its not spoofed, thats the ip of it, it only spoof's email addresses. __________________ I am jack's broken heart

08-23-2003, 06:39 PM	#7 (permalink)
Nizzle God-Hating Liberal Location: Silicon Valley, CA	ARIN whois information, traceroutes and the like are not going to do you any good. Even if you were, hypothetically, able to track it to someone's home address, what would you do? Go beat them up? The proper thing to do is to block the IP of the SMTP server with a firewall and either wait it out, or send mail to abuse@twtelecom.net to speed it up. To clear a bit of misinformation about SoBig: It spoofs the "From:" header in the email. The header of an email is supplied by the sender and can be set to anything you want it to be, provided the mail client gives you the option. SoBig is unable to spoof an IP address. Spoofing the src header of a TCP packet is possible, but the handshake-style negotiation would make it impossible to do this over the Internet. The spoofer would need access to your LAN and some sophisticated tools. __________________ Nizzle

08-23-2003, 05:07 PM	#5 (permalink)
poof Psycho	Or <a href="http://www.whois.net/">whois</a>. Try <a href="http://www.firetrust.com/index.php">this email program</a> that will put that ip on a blacklist. But you really need to report it to Spamcop also. The will want you to forward the emails (headers intact) and they will check it out.

08-23-2003, 05:37 PM	#6 (permalink)
Fearless_Hyena Hello, good evening, and bollocks. Location: near DC	If I remember correctly, the Sobig email addresses are spoofed so that may not be the actual address where they came from. However, SamSpade: http://www.samspade.org is a good site for learning about IP addresses. definitely contact twtelecom.net's abuse department tho too, they might be able to help.

08-24-2003, 10:18 AM	#8 (permalink)
MMM-A Upright	This from Arin.net's whois on the address you specified. From it, the proper place to contact is abuse@twtelecom.net Make sure you forward a copy with complete headers attached. OrgName: Time Warner Telecom OrgID: TWTC Address: 10475 Park Meadows Drive City: Littleton StateProv: CO PostalCode: 80124 Country: US NetRange: 168.215.0.0 - 168.215.255.255 CIDR: 168.215.0.0/16 NetName: TWTELECOM-COM NetHandle: NET-168-215-0-0-1 Parent: NET-168-0-0-0-0 NetType: Direct Allocation NameServer: NS1.MILW.TWTELECOM.NET NameServer: NS1.IPLT.TWTELECOM.NET NameServer: NS1.ORNG.TWTELECOM.NET Comment: RegDate: 2000-11-28 Updated: 2001-09-26 TechHandle: ZT87-ARIN TechName: Time Warner Telecom TechPhone: +1-800-898-6473 TechEmail: ipmanager@twtelecom.net OrgAbuseHandle: TWTAD-ARIN OrgAbuseName: Time Warner Telecom Abuse Desk OrgAbusePhone: +1-800-898-6473 OrgAbuseEmail: abuse@twtelecom.net OrgNOCHandle: TDN1-ARIN OrgNOCName: TWTC Data NOC OrgNOCPhone: +1-800-898-6473 OrgNOCEmail: support@twtelecom.net OrgTechHandle: NST12-ARIN OrgTechName: NOC SWIP Team OrgTechPhone: +1-800-898-6473 OrgTechEmail: swip@twtelecom.com # ARIN WHOIS database, last updated 2003-08-23 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database.