On Wed, Mar 9, 2011 at 6:46 PM, Shane Kerr <shane@time-travellers.org> wrote:
Looks like it's going out of New York. If you look at the last couple hops, we see:
Yes.
CustName: UNIVERSAL WEB DESIGN Address: 320 7th Ave, Suite 134 City: Brooklyn
Which happens to be a UPS store in Brooklyn .. http://www.theupsstorelocal.com/3678/
I realize you're not an expert, but there may be some training available from someone if you do want to become an expert in these things. I think most of the RIRs have courses that they give to law enforcement officials to help figure out the dispositions of various address blocks. Maybe one of them would be willing to make some slide decks public?
Let us put it this way, Shane - what Ron dug up does have a certain piscine odor about it. There's clearly a process hole that is causing large netblocks to be allocated - mostly - as "vpn ranges", "dsl pools" etc and then repurposed for bulk mail. It could be a lack of accuracy in whois It could be a window of opportunity that exists in the LIR process that is vulnerable to abuse It could be a disconnect between the RIPE anti abuse community and more mainstream / large SP antispam [and all due respect to RFG, he isn't wired into that scene either] Could be a combination of all those, and more. 1. This needs fixing - either tightening policies or their enforcement 2. This needs people who highlight problems Ron is doing a decent job at #2, and we're all straying far afield from #1 --srs