NNTP IP Address spoofing, tracing abuse

Alex Miller bind-users-nospam at bannerclub.com
Thu Feb 17 22:39:36 UTC 2000


Thanks Barry,

As usual, you are very helpful. Are you really sure you're
only one person? Rumor has it that you must be many people
because you're too smart to be just one. :-) I hope you take
that as the compliment it is meant to be.

Alex

-----------------------------------------
Signature:
the email address this is sent from
may be an anti-spam defense. Ignore it
completely.  Instead, rely on an email
address I have already provided or
<mailto:reply-nospam at bannerclub.com>
removing the "-nospam"

> -----Original Message-----
> From: news at burlma1-snr2.gtei.net [mailto:news at burlma1-snr2.gtei.net]On
> Behalf Of Barry Margolin
> Sent: Thursday, February 17, 2000 3:50 PM
> To: comp-protocols-dns-bind at moderators.uu.net
> Subject: Re: NNTP IP Address spoofing, tracing abuse
>
>
> In article <001b01bf7962$fab22cc0$867c06d1 at aranea.cybergood.net>,
> Alex Miller <bind-users-nospam at bannerclub.com> wrote:
> >In other words, is there one and only
> >IP address per name but multiple names
> >per IP address, a one-to-many mapping
> >or can there be multiple IP addresses
> >per name, creating a many-to-many mapping.
>
> You can have multiple PTR records.
>
> >If there is the possibility that the NNTP
> >host has many names, then the reverse lookup
> >will lead to the wrong place.
>
> Do a forward lookup of the name that the reverse lookup returns, to verify
> that it points back to the original IP address.
>
> But a better approach is to do a WHOIS lookup of the IP address, at
> whois.arin.net.  That will tell you the organization that owns the address
> block.
>
> >> 6) Use a whois database to find the contact person for that
> >> nntp server.
> >>
> >> Then from there?
>
> Send the complete header to the contact person.  They should be able to
> check their logs to find out who was using that client IP address at the
> time.
>
> --
> Barry Margolin, barmar at bbnplanet.com
> GTE Internetworking, Powered by BBN, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to
> newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted
> to the group.
>
>
>
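
The check described in the quoted reply (reverse lookup, then a forward lookup of each returned name to confirm it points back to the original IP address), as an added Python example that is not part of the original thread. The function names, the injectable lookup parameters and the sample records (documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (OSError, UnicodeError):
        return []
    return [name, *aliases]

def system_forward(name):
    """Addresses for name from the system resolver ([] if none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except (OSError, UnicodeError):
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Split the PTR names of ip into (confirmed, unconfirmed).

    A name is confirmed only if a forward lookup of it returns ip.
    """
    target = ipaddress.ip_address(ip)
    confirmed, unconfirmed = [], []
    for name in ptr_lookup(ip):
        addrs = set()
        for text in forward_lookup(name):
            try:
                addrs.add(ipaddress.ip_address(text))
            except ValueError:
                continue  # skip anything that is not a plain address
        (confirmed if target in addrs else unconfirmed).append(name)
    return confirmed, unconfirmed

# Constructed sample records (documentation address ranges), so the
# example runs offline. The second PTR name does not point back.
SAMPLE_PTR = {"192.0.2.10": ["news.example.net", "trusted.example.org"]}
SAMPLE_A = {
    "news.example.net": ["192.0.2.11", "192.0.2.10"],
    "trusted.example.org": ["198.51.100.7"],
}

def demo(ip="192.0.2.10"):
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                  lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    print(demo())
```

An empty confirmed list means no reverse name for the address could be verified; the WHOIS lookup on the IP address itself does not depend on either DNS answer.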