On Fri, 2 May 1997 21:51:20 -0400, PPCD <[log in to unmask]> wrote:

>Our listserv received something from a "rogue site" that allows email
>addresses with any email address you want. We phoned (voiced) the contacts
>for the site and got nothing. We tried filtering the site in the filter
>and it still got through. Look at this:
>
>Received: from ucsd.com (ucsd.com [207.87.178.65])
>          by techunix.technion.ac.il
>          (8.8.5/8.6.10) with ESMTP id XAA13590 for
>Received: (from nobody@localhost) by ucsd.com <-----
>          (8.8.5/8.6.12) id QAA07946; Fri,
>          2 May 1997 16:47:36 -0400 (EDT)
>Message-ID: <[log in to unmask]><-----------
>Date: Fri, 2 May 1997 16:47:36 -0400
>From: <********@MAIL.COIN.MISSOURI.EDU> <---- not the REAL poster
>Subject: Re: *****************
>X-Status: A
>
> -------------
>They allowed this person to use the name and email address
>of 6 of the list users which sent some pretty disgusting posts.
>
>Whois produced this:
>
>AJ Wilson (UCSD2-DOM)
>   PO Box 611
>   La Jolla, CA 92038
>   US
>
>   Domain Name: UCSD.COM
>
>   Administrative Contact:
>      Wilson, Anthony (AW628) [log in to unmask]
>      619.454.5444
>   Technical Contact, Zone Contact:
>      Administrator, Domain (DA550) [log in to unmask]
>      1 412 681 6932
>
>   Domain servers in listed order:
>
>   NS3.PAIR.COM 207.86.128.15
>   NS0.NS0.COM 207.87.178.7
>
>They never answer emails and they do not have real people at the site.
>I would appreciate any ideas. We DID filter this domain in FILTER
>but you see this abuser posted as another domain that was not his.

A "TraceRoute" of the IP-packets to 'UCSD.COM' reveals:

   9  mae-west-nap.SanFrancisco.mci.net (204.70.1.14)
  10  mae-west.digex.net (198.32.136.60)
  11  sjc1-core1-h1-0.atlas.digex.net (165.117.50.46)
  12  oma1-core1-h8-0.atlas.digex.net (165.117.50.17)
  13  ord1-core1-h8-0.atlas.digex.net (165.117.50.13)
  14  dtw1-core1-h8-0.atlas.digex.net (165.117.50.9)
  15  cvg1-core1-h8-0.atlas.digex.net (165.117.50.5)
  16  pit1-core1-h1-0.atlas.digex.net (165.117.50.2)
  17  pair-t1a.pair.net (207.87.178.1)
  18  ucsd.com (207.87.178.65)

So, 'UCSD.COM' (coincidentally?? similar to 'UCSD.EDU' in the same area) gets their connectivity from 'PAIR.NET'. Checking the WWW-server for 'PAIR.NET', I found the page at:

  http://support.pair.com/policy/security.html

which states:

  Use of pair Networks services to engage in any type of fraud, "cracking", malicious behavior, or harassment is expressly forbidden. Interference with the proper operation of systems reachable via the Internet is forbidden. Compliance with the acceptable use policies of any network or system with which you connect through our service is required. Forging e-mail, Usenet postings, or other messages is forbidden. Trafficking in pirated software is forbidden. Port scanning or the use of similar tools is forbidden.

  If inappropriate activity is detected, all accounts of the user in question will be deactivated until the investigation is complete. Prior notification to the user is not assured. In extreme cases, law enforcement will be contacted regarding the activity.

  ... <<SNIP>> ...

  This policy simply requires that you use your accounts responsibly. Breaking into other systems, trying to break into ours, forging messages, swapping games with your friends - all of this is illegal and inappropriate for our userbase of Internet professionals. Because of the potential legal and technical risks these activities can present to our service, we deactivate first, and ask questions later. This is necessary to protect our service for all customers.

So, I suggest that you have a "talk" with the administrators of PAIR NETWORKS, and indicate the policy-violations with respect to 'UCSD.COM'.
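
Added example, not part of the original message or of any list software: a Python sketch of why a filter keyed on the From header missed these posts while the Received header recorded by the list's own mail server still names the connecting host. The sample message is constructed from the headers quoted above (recipient, From address, Message-ID and first timestamp are placeholders), the function names are hypothetical, and it assumes the topmost Received header was written by your own MTA in sendmail's "from HELO (RDNS [IP])" form.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the thread. The
# recipient, From address, Message-ID and first timestamp are placeholders.
SAMPLE = (
    "Received: from ucsd.com (ucsd.com [207.87.178.65])\n"
    "\tby techunix.technion.ac.il (8.8.5/8.6.10) with ESMTP id XAA13590\n"
    "\tfor <list@example.org>; Fri, 2 May 1997 23:47:40 +0300\n"
    "Received: (from nobody@localhost) by ucsd.com\n"
    "\t(8.8.5/8.6.12) id QAA07946; Fri, 2 May 1997 16:47:36 -0400 (EDT)\n"
    "Message-ID: <placeholder@ucsd.com>\n"
    "From: <subscriber@mail.example.edu>\n"
    "Subject: Re: constructed sample\n"
    "\n"
    "body\n"
)

# sendmail-style "from HELO (RDNS [IP])". HELO is sender-supplied, so only
# the name and address recorded by the receiving MTA are captured.
RELAY_RE = re.compile(
    r"from\s+\S+\s+\((?:(\S+)\s+)?\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", re.I)

def from_domain(raw):
    """Domain of the From header: chosen freely by whoever wrote the message."""
    addr = parseaddr(message_from_string(raw).get("From", ""))[1]
    return addr.rpartition("@")[2].lower()

def connecting_host(raw):
    """(rdns, ip) from the topmost Received header, the one our own MTA added.
    Headers below it were supplied by the sender and are not trusted here."""
    received = message_from_string(raw).get_all("Received", [])
    if not received:
        return None
    m = RELAY_RE.search(" ".join(received[0].split()))  # unfold the header
    return ((m.group(1) or "").lower(), m.group(2)) if m else None

def blocked_by_from(raw, blocked_domains):
    """The kind of filter described in the thread: match on From only."""
    return from_domain(raw) in blocked_domains

def blocked_by_relay(raw, blocked_domains, blocked_ips=()):
    """Match on the host that actually connected to our server."""
    host = connecting_host(raw)
    if host is None:
        return False
    rdns, ip = host
    return ip in blocked_ips or any(
        rdns == d or rdns.endswith("." + d) for d in blocked_domains)
```

With "ucsd.com" on the block list, blocked_by_from(SAMPLE, ...) is False because the From header carries another domain, while blocked_by_relay(SAMPLE, ...) is True.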