NNTP IP Address spoofing, tracing abuse
Alex Miller
bind-users-nospam at bannerclub.com
Thu Feb 17 15:46:53 UTC 2000
Dear bind users,
I am trying to identify a person who posted a really
bad usenet posting on the internet. Of course, this
happens frequently, so I'm asking questions because
it is a general problem, not just a specific one.
The usenet posting was posted to dozens of different
usenet groups with the username bonnie_jouhari at my-deja.com
and a subject of "I'm Sorry". Bonnie Jouhari is a housing
activist who has been stalked by neo-nazis, and this
posting, using her name, is a death threat against her.
Here's my methodology on searching, any suggestions would be
helpful.
1) Using deja.com, I search for bonnie_jouhari at my-deja.com
2) I identify news groups that contain the "I'm Sorry"
posting. There are a LOT of them, since it was posted
many times, cross-posting about 4 times each.
3) Look up those newsgroups using a non-browser based usenet
reader like Netscape Messenger.
4) Find the "I'm Sorry" posting and look at the NNTP IP address.
5) Perform an reverse lookup on the IP address, either through
a product like WS_PING, or nslookup with in-addr.
6) Use a whois database to find the contact person for that
nntp server.
Then from there?
For information on the real Bonnie Jouhari, check out
http://www.hatewatch.org/interviews/jouhari.html
You may email me at alex at hatewatch.org
Thanks,
Alex Miller, director of cybergood.net, non-profit
ISP for hatewatch.org
-----------------------------------------
Signature:
the email address this is sent from
is may be an anti-spam defense. Ignore it
completely. Instead, rely on an email
address I have already provided or
<mailto:reply-nospam at bannerclub.com>
removing the "-nospam"
More information about the bind-users
mailing list