Spamford Getting Service From Cable & Wireless? (fwd)
Brett Hawn
blh at texas.net
Wed May 28 13:33:06 UTC 1997
Anyone else have any information on this?
---------- Forwarded message ----------
Date: Mon, 26 May 1997 04:09:32 -0700
From: Babu Mengelepouti <dialtone at vcn.bc.ca>
Newsgroups: comp.dcom.telecom
Subject: Spamford Getting Service From Cable & Wireless?
Spamford appears to be multi-homed, if the research I have done is any
indication.
I took the novel approach of looking up who owns the IP blocks that his
nameservers run on. His nameservers are easily obtainable by a simple
whois:
Cyber Promotions, Inc (CYBERPROMO-DOM)
8001 Castor Avenue Suite #127
Philadelphia, PA 19152
US
Domain Name: CYBERPROMO.COM
Administrative Contact, Technical Contact, Zone Contact:
Wallace, Sanford (SW1708) domreg at CYBERPROMO.COM
215-628-9780
Billing Contact:
Wallace, Sanford (SW1708) domreg at CYBERPROMO.COM
215-628-9780
Record last updated on 24-Jan-97.
Record created on 26-Apr-96.
Database last updated on 25-May-97 04:56:34 EDT.
Domain servers in listed order:
NS7.CYBERPROMO.COM 205.199.2.250
NS5.CYBERPROMO.COM 205.199.212.50
NS8.CYBERPROMO.COM 207.124.161.65
NS9.CYBERPROMO.COM 207.124.161.50
Well, starting with ns7.cyberpromo.com, it's no surprise:
Whois: net 205.199.2
AGIS/Net99 (NETBLK-NET99-BLK4) NET99-BLK4 205.198.0.0 -
205.199.255.0
Cyber Promotions Inc (NETBLK-CYBERPROMO-205-199B) CYBERPROMO-205-199B
205.199.2.0 -
205.199.2.255
And the same for ns5.cyberpromo.com...
Whois: whois net 205.199.212
AGIS/Net99 (NETBLK-NET99-BLK4) NET99-BLK4 205.198.0.0 -
205.199.255.0
Cyber Promotions Inc (NETBLK-CYBERPROMO-205-199) CYBERPROMO-205-199
205.199.212.0 -
205.199.212.255
But wait? Is spamford multihoming? A Cable & Wireless Class C block!
Whois: net 207.124.161
Cable & Wireless, Inc. (NETBLK-NET3-CWI-NET) NET3-CWI-NET
207.124.0.0 -
207.124.255.255
IDCI (NETBLK-CWI-IDCI2) CWI-IDCI2 207.124.160.0 -
207.124.164.255
IDCI (NETBLK-IDCI-BLK-11) IDCI-BLK-11 207.124.161.0 -
207.124.162.255
But strangely, it doesn't resolve...
1 2427 ms 2135 ms 2716 ms Max18.Seattle.WA.MS.UU.NET [207.76.5.24]
2 1235 ms 929 ms 477 ms Ar1.Seattle.WA.MS.UU.NET [207.76.5.3]
3 175 ms 167 ms 623 ms Fddi0-0.CR1.SEA1.Alter.Net
[137.39.33.41]
4 213 ms 263 ms 265 ms 110.Hssi4-0.CR1.TCO1.Alter.Net
[137.39.69.121]
5 271 ms 264 ms 597 ms 313.atm1-0.gw1.tco1.alter.net
[137.39.21.153]
6 258 ms 990 ms 244 ms cwix2-gw.customer.ALTER.NET
[137.39.184.82]
7 739 ms 482 ms 655 ms nyd-7513-1-h4-0.cwix.net
[207.124.104.50]
8 581 ms 257 ms 490 ms ny1-7000-02-f0/0.cwi.net
[205.136.191.228]
9 634 ms 1044 ms 1183 ms ny1-7000-01-f4/0.cwi.net
[205.136.191.227]
10 580 ms 358 ms 297 ms idci-cwi.cwi.net [205.136.226.210]
11 232 ms 731 ms 302 ms phl-bcn1-client-router.idci.net
[205.136.21.3]
12 1267 ms 1197 ms 899 ms 146.145.254.62
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
And another!
Whois: net 207.124.161
Cable & Wireless, Inc. (NETBLK-NET3-CWI-NET) NET3-CWI-NET
207.124.0.0 -
207.124.255.255
IDCI (NETBLK-CWI-IDCI2) CWI-IDCI2 207.124.160.0 -
207.124.164.255
IDCI (NETBLK-IDCI-BLK-11) IDCI-BLK-11 207.124.161.0 -
207.124.162.255
^^^^^^^^^^^^^^^^^^^^^^^^^
What is IDCI, I wonder?
This one doesn't resolve either.
1 532 ms 188 ms 168 ms Max18.Seattle.WA.MS.UU.NET [207.76.5.24]
2 1284 ms 2128 ms 2321 ms Ar1.Seattle.WA.MS.UU.NET [207.76.5.3]
3 3037 ms 2575 ms 453 ms Fddi0-0.CR1.SEA1.Alter.Net
[137.39.33.41]
4 634 ms 475 ms 241 ms 110.Hssi4-0.CR1.TCO1.Alter.Net
[137.39.69.121]
5 887 ms 1357 ms 929 ms 313.atm1-0.gw1.tco1.alter.net
[137.39.21.153]
6 508 ms 447 ms 260 ms cwix2-gw.customer.ALTER.NET
[137.39.184.82]
7 284 ms 275 ms 270 ms nyd-7513-1-h4-0.cwix.net
[207.124.104.50]
8 610 ms 495 ms * ny1-7000-02-f0/0.cwi.net
[205.136.191.228]
9 300 ms 264 ms 683 ms ny1-7000-01-f4/0.cwi.net
[205.136.191.227]
10 621 ms 233 ms 275 ms idci-cwi.cwi.net [205.136.226.210]
11 275 ms 250 ms 767 ms phl-bcn1-client-router.idci.net
[205.136.21.3]
12 648 ms 954 ms 647 ms 146.145.254.58
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
Could Spamford have another provider up his sleeve? I wonder if Cable
& Wireless is planning to give him a link when Agis finally bites the
bullet and drops him.
I could drop a couple of suggestions. Performing traceroutes into
random addresses in his class C blocks revealed some very interesting
results. And finally, even though he has disabled nslookup on most of
his machines, he forgot one ...
So here ya go. nslookups on his most infamous domains...
answerme.com. SOA answerme.com
hostmaster.cyberpromo.com. (1
17 172800 3600 1728000 172800)
answerme.com. NS ns7.cyberpromo.com
answerme.com. NS ns9.cyberpromo.com
answerme.com. MX 5 answerme.com
answerme.com. A 205.199.212.8
localhost A 127.0.0.1
ftp CNAME answerme.com
news CNAME answerme.com
www CNAME cybermirror1.com
answerme.com. SOA answerme.com
hostmaster.cyberpromo.com. (1
17 172800 3600 1728000 172800)
cybermirror1.com. SOA cybermirror1.com
hostmaster.cyberpromo.com
. (117 172800 3600 1728000 172800)
cybermirror1.com. NS ns7.cyberpromo.com
cybermirror1.com. NS ns9.cyberpromo.com
cybermirror1.com. MX 5 cybermirror1.com
cybermirror1.com. A 205.199.2.248
answerme A 205.199.212.8
news CNAME cybermirror1.com
localhost A 127.0.0.1
www CNAME cybermirror1.com
auto1 A 205.199.212.36
auto2 A 207.124.161.91
auto3 A 207.124.161.78
ftp CNAME cybermirror1.com
cybermirror1.com. SOA cybermirror1.com
hostmaster.cyberpromo.com
. (117 172800 3600 1728000 172800)
cyberpromo.com. SOA cyberpromo.com
hostmaster.cyberpromo.com.
(126 172800 3600 1728000 172800)
cyberpromo.com. NS ns7.cyberpromo.com
cyberpromo.com. NS ns9.cyberpromo.com
cyberpromo.com. MX 5 cyberpromo.com
cyberpromo.com. MX 10 cyberpromo.com
cyberpromo.com. A 205.199.212.36
news CNAME cyberpromo.com
ns5 A 205.199.212.50
ns5 MX 10 ns5.cyberpromo.com
ns7 MX 10 cyberpromo.com
ns7 A 205.199.2.250
ns8 A 207.124.161.65
ns8 MX 10 ns8.cyberpromo.com
localhost A 127.0.0.1
localhost A 205.199.212.36
localhost MX 10 cyberpromo.com
ns9 A 207.124.161.51
ns9 MX 10 ns9.cyberpromo.com
www A 205.199.2.247
ftp CNAME cyberpromo.com
cyberpromo.com. SOA cyberpromo.com
hostmaster.cyberpromo.com.
(126 172800 3600 1728000 172800)
ispam.net. SOA ispam.net
hostmaster.cyberpromo.com. (113
172800 3600 1728000 172800)
ispam.net. NS ns7.cyberpromo.com
ispam.net. NS ns9.cyberpromo.com
ispam.net. A 205.199.212.34
ispam.net. MX 5 ispam.net
localhost A 127.0.0.1
ftp CNAME ispam.net
news CNAME ispam.net
www CNAME cyberpromo.com
ispam.net. SOA ispam.net
hostmaster.cyberpromo.com. (113
172800 3600 1728000 172800)
keepmailing.com. SOA keepmailing.com
hostmaster.cyberpromo.com.
(111 172800 3600 1728000 172800)
keepmailing.com. NS ns7.cyberpromo.com
keepmailing.com. NS ns9.cyberpromo.com
keepmailing.com. MX 5 keepmailing.com
keepmailing.com. A 205.199.212.30
localhost A 127.0.0.1
ftp CNAME keepmailing.com
news CNAME keepmailing.com
www CNAME keepmailing.com
keepmailing.com. SOA keepmailing.com
hostmaster.cyberpromo.com.
(111 172800 3600 1728000 172800)
Happy umm ... exploring. Of course, I would NEVER want ANYONE to even
THINK of doing anything malicious with this information. HACKING IS
ILLEGAL! I love Jeff Slaton. I love Spamford. They help the economy.
AGIS is our friend.
.
/|\
//|\\ Welcome to the rainforest...
///|\\\ dialtone at vcn.bc.ca
[TELECOM Digest Editor's Note: Thank you very much for passing that
information along. Anyone from Cable & Wireless want to look into
things from that side and give us a followup? PAT]
-----End of forwarded message-----
--
Carpe Dieum: Seize the Day!
Carpe Beerum: Seize the Beer!
Beerum Carpe: Get the fish drunk!
More information about the NANOG
mailing list