WARNING: Whois mining operation (probably spam related).

Scott Francis darkuncle at darkuncle.net
Sun Feb 3 10:53:50 UTC 2002


On Sun, Feb 03, 2002 at 02:34:46AM -0600, nanog at adns.net said:
> 
> Starting about 6am eastern time, we began getting several hundred hits per
> second from IP address 195.188.22.6 to our WHOIS server.
> 
> It appears that they were running a rather well endowed dictionary against
> the database.
> 
> Beware - these are spammers (I know the address very well). Check your logs
> if you have any email servers or whois databases.
> 
> This is a jerk from England who is a known fraudster.
====
[sfrancis at silverlight:~]$ whois -r 195.188.22.6
<snip>
descr:        Please forward abuse issues
descr:        to abuse at blueyonder.co.uk
<snip>
====

http://help.blueyonder.co.uk/rules/aup.html

If this guy is obviously spamming, or data mining in preparation for
spamming, it seems that blueyonder.co.uk could be contacted to have his
access yanked. Failing that, cableinet.net could be contacted to have
blueyonder.co.uk yanked.

Of course, you may have already tried this and received little/no
cooperation. *sigh*

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 872 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20020203/0fd90cee/attachment.sig>


More information about the NANOG mailing list