* * * * *
Machines coughing
> 1. Nov 27 * new_account@turtle (1047) Your mail password
> 2. Nov 27 * [email protected] (1047) Faulty_mail delivery
> 3. Nov 27 * webmaster@hotmail. (1059) invalid mail <SMTP:8650>
> 4. Nov 27 * Error_Mail@wimborn (1051) Mail delivery_failed <6580>
> 5. Nov 27 * smooth_criminal_00 (1039) Details
> 6. Nov 27 * hostmaster@hotmail (1043) Confirmation
> 7. Nov 27 * shaikin_fati@hotma (1041) Oh God it's
> 8. Nov 27 * Auto-Mailer@valves (1053) Re: Faulty_mail delivery <Esmtp:5394>
> 9. Nov 27 * nasimaqsa@hotmail. (1030) Details
> 10. Nov 27 * Error_Mail@winzyra (1052) Re: Mail delivery_failed
> 11. Nov 27 * [email protected] (1043) Mail Error <SMTP:3234>
> 12. Nov 27 * new_account@talk21 (1045) Re: Registration confirmation
> 13. Nov 27 * Error_Mail@barking (1049) FwD: illegal signs in your mail
> 14. Nov 27 * notifications@grou (1034) Oh God it's
> 15. Nov 27 * [email protected] (1051) Re: Mail delivery_failed <7339>
> 16. Nov 27 * [email protected] (1046) Your Password <KEY:4924>
> 17. Nov 27 * [email protected] (1053) Faulty_mail delivery
> 18. Nov 27 * [email protected] (1034) FwD: Details
>
Yup. Spam.
Well, more like viral spam, as it's the same box, over and over, trying to
deliver a virus. The IP (Internet Protocol) address it's coming from is
82.38.57.25, which belongs to blueyonder [1], an ISP (Internet Service
Provider) based out of Surrey, England [2].
While I could ban the IP, that would only stop perhaps 40% of it, as most of
it is coming in via the backup email host for my domain and I don't have the
access to block IP addresses there. I did a lookup on the IP address (which
is how I found out who owns it) and got this:
Table: Contact info for 82.38.57.25---emphasis added
inetnum: 82.38.0.0 - 82.38.255.255
netname: TELEWEST-HSD_1-BRADFORD
descr: Telewest HSD Platform
country: GB
admin-c: TWIP3-RIPE
tech-c: TWIP1-RIPE
status: ASSIGNED PA
mnt-by: AS5462-MNT
mnt-lower: AS5462-MNT
mnt-routes: AS5462-MNT
notify: [email protected]
notify: [email protected]
remarks: report abuse to [email protected] [3]
remarks: All reports via other channels will be ignored.
changed: [email protected] 20030313
source: RIPE
As you can see, all abuse issues need to be mailed to [email protected] [4],
which I did:
> **From:** Sean Conner <[email protected]>
> **Subject:** Infected machine trying to infect my machine
> **To:** [email protected] [5]
> **Date:** Thu, 25 Nov 2004 14:52:55 -0500 (EST)
>
> To whom it may concern:
>
> A machine with the IP address of 82.38.57.25 is continuously sending me
> infected files, 12 alone today, and about 20 yesterday (when I first
> noticed). I'm not concerned terribly much about getting infected (since I
> run Linux, not Windows) but it is clogging up my email, and no telling how
> many other systems it's trying to infect. Please deal with this as soon as
> possible.
>
> Thank you.
>
> Sean Conner.
>
> [email sent to me attached]
>
And as you can see, that was two days ago.
And they're still coming in.
So much for reporting abuse issues.
Today, I went to their broadband support page [6], and put in a trouble
ticket. Maybe then they'll take a look into this.
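The whois step above (confirm the record covers the offending IP, then pull out the address it says to report abuse to) can be scripted. This is an added example, not part of the original post; the record is a constructed sample in the same layout, the e-mail addresses are placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the RIPE inetnum layout shown above. The e-mail
# addresses are placeholders, not the real contacts.
SAMPLE_RECORD = """\
inetnum: 82.38.0.0 - 82.38.255.255
netname: TELEWEST-HSD_1-BRADFORD
notify: noc@isp.example
remarks: report abuse to abuse@isp.example
remarks: All reports via other channels will be ignored.
changed: hostmaster@isp.example 20030313
source: RIPE
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def parse_record(text):
    """Parse 'key: value' lines into a dict of lists (keys may repeat)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() and not line.startswith(("%", "#")):
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def covers(fields, ip):
    """True if ip lies inside the record's 'inetnum' range."""
    first, _, last = fields["inetnum"][0].partition("-")
    lo = ipaddress.ip_address(first.strip())
    hi = ipaddress.ip_address(last.strip())
    return lo <= ipaddress.ip_address(ip) <= hi


def abuse_contacts(fields):
    """Addresses from 'abuse-mailbox' lines and 'remarks' mentioning abuse."""
    found = []
    for key in ("abuse-mailbox", "remarks"):
        for value in fields.get(key, []):
            if key == "abuse-mailbox" or "abuse" in value.lower():
                found += [a for a in EMAIL_RE.findall(value) if a not in found]
    return found


if __name__ == "__main__":
    rec = parse_record(SAMPLE_RECORD)
    print(covers(rec, "82.38.57.25"), abuse_contacts(rec))
```

The generic `notify` and `changed` addresses are deliberately skipped, since the record itself says reports sent through other channels are ignored.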
Update on Tuesday, November 30th, 2004
Still going on … [7]
Update on Wednesday, December 8th, 2004
Some more updates … [8]
[1] http://www.blueyonder.co.uk/
[2] http://www.surrey-online.co.uk/
[3] mailto:[email protected]
[4] mailto:[email protected]
[5] mailto:[email protected]
[6] http://www.blueyonder.co.uk/blueyonder/getContent.jspx?page=h_services_bybb
[7] gopher://gopher.conman.org/0Phlog:2004/11/30.1
[8] gopher://gopher.conman.org/0Phlog:2004/12/08.2
Email author at [email protected]