Re: Japanese "IPv6" group allocating for IPv4 spamming?

From: Robert Hajime Lanning (secfocusat_private)
Date: Fri Jun 06 2003 - 12:13:55 PDT


    It could be an IPv6/IPv4 gateway.  If the spammer requested an IPv6
    network and used it, all traffic destined for an IPv4 address would
    seem to come from the gateway address.
    
    <quote who="Jay D. Dyson">
    > Hi folks,
    >
    > 	I've long since blackholed most of Asia due to their rampant
    > spamming and incompetent (or worse, indifferent) admins.  This latest
    > incident only cements my stance.
    >
    > 	I received the following spam just a few minutes ago.  Mind you,
    > I've seen countless spam messages in my day, but the originating IP is
    > what caught my eye:
    >
    >
    > - -----BEGIN FORWARDED MESSAGE-----
    >
    > Return-Path: <info_masterat_private>
    > Received: (qmail 2233 invoked from network); 5 Jun 2003 21:13:01 -0000
    > Received: from f136.ac130.freebit.ne.jp (HELO yume234.com) (43.244.130.136)
    >   by h-66-134-87-75.lsanca54.covad.net with SMTP; 5 Jun 2003 21:13:01 -0000
    > From: ug0605 <info_masterat_private>
    > To: [redacted]
    > Reply-To: info_masterat_private
    > Subject: [gibberish deleted]
    > Date: Fri, 06 Jun 2003 06:11:24 +0900
    > MIME-Version: 1.0
    > Content-Type: multipart/mixed;
    >     boundary="de9908d2-2375-4e23-87c8-09a261c806b2"
    >
    > [body of spam deleted]
    >
    > - -----END FORWARDED MESSAGE-----
    >
    >
    > 	When I saw the first Received line, I polled APNIC's databases for
    > the cognizant party.  The system responded that this Japanese netblock is
    > not allocated to APNIC.  So then I tried ARIN.  And that's when things got
    > interesting.
    >
    > 	ARIN stated that it too did not have that IP block allocated, but
    > it did confirm that it belonged to "Japan Inet" and referred me to the
    > "IPv6PC Whois Database" (whois.v6nic.net).  Okay, fine...but why is a
    > group that apparently touts itself as working exclusively with IPv6 doling
    > out IPv4 address space for spammers?
    >
    > 	Maybe I'm way off base here (wouldn't be the first time), but
    > something really stinks in Tokyo.  Until such time that I can get an
    > answer on this, 43.0.0.0/8 is in the blackhole.
    >
    > - -Jay
    >
    >   (    (                                                         _______
    >   ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
    > C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) |    = |-'
    >  `--' `--'  `-If guns cause crime, then spoons cause obesity.-'  `------'
    >
    
    
    ----------------------------------------------------------------------------
    ----------------------------------------------------------------------------
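Added example, not part of either post: a small parser for the qmail-style Received line quoted above that pulls out the peer IP recorded by the receiving MTA, keeps the client-supplied HELO name separate from the reverse-DNS name, and tests the IP against the 43.0.0.0/8 block mentioned in the thread. The names `SAMPLE`, `QMAIL_HOP`, `BLACKHOLE`, `newest_network_hop` and `is_blackholed` are chosen here, and the pattern covers only the header layout shown in the post.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the two Received headers quoted in the post, with the
# archive's line wrapping undone. All other headers are omitted.
SAMPLE = (
    "Received: (qmail 2233 invoked from network); 5 Jun 2003 21:13:01 -0000\n"
    "Received: from f136.ac130.freebit.ne.jp (HELO yume234.com) (43.244.130.136)\n"
    "  by h-66-134-87-75.lsanca54.covad.net with SMTP; 5 Jun 2003 21:13:01 -0000\n"
    "Subject: constructed\n"
    "\n"
    "body\n"
)

# Layout in the post: from <reverse DNS> (HELO <claimed name>) (<peer IP>) by <us>
QMAIL_HOP = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<ip>[0-9A-Fa-f:.]+)\)\s+by\s+(?P<by>\S+)"
)

BLACKHOLE = [ipaddress.ip_network("43.0.0.0/8")]  # the block named in the post


def newest_network_hop(raw_message):
    """Return the topmost Received hop that records a peer IP, or None."""
    # Headers are prepended, so the first match was written by the receiving
    # MTA itself. Its IP is observed; the HELO name is whatever the client sent.
    for value in message_from_string(raw_message).get_all("Received", []):
        match = QMAIL_HOP.search(value)
        if match is None:
            continue  # e.g. the local "(qmail ... invoked from network)" line
        hop = match.groupdict()
        try:
            hop["ip"] = ipaddress.ip_address(hop["ip"])
        except ValueError:
            continue  # malformed address literal, keep looking
        hop["helo_matches_rdns"] = hop["helo"].lower() == hop["rdns"].lower()
        return hop
    return None


def is_blackholed(ip, networks=BLACKHOLE):
    return any(ip in net for net in networks)


if __name__ == "__main__":
    hop = newest_network_hop(SAMPLE)
    print(hop, is_blackholed(hop["ip"]))
```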
    


