Re: [SLUG] Damit Windows leave me alone!

From: Paul M Foster (paulf@quillandmouse.com)
Date: Tue Nov 06 2001 - 18:41:25 EST


On Tue, Nov 06, 2001 at 06:04:48AM -0500, Mike Manchester wrote:

> I have one ip address that keeps trying to spread the Code Red worm on
> my system. Should I try to contact this person and tell them they are
> spreading the Code Red Worm? Or let their ISP know? And if so, how does
> one find out to whom an ip address belongs?
>

FWIW I had a problem like this a few months ago. Some university machine
in Oklahoma was sending my wife a 218K file every three minutes about
ten hours a day, except on weekends. This was Sircam, as I recall. The
email address was spoofed. I had to pore through the headers to find
relay points. My ISP was no help at all. Once I figured out what entity
was relaying the mails (the first relay point), I managed to get a phone
number for that university and call them up. They were very apologetic,
and fixed the problem rapidly. Turns out there was a worm continuously
running on that machine, firing these virus-infected emails at my wife
almost constantly.

Yes, your ISP _should_ assist. But their abuse people have to talk to
the abuse people at origin, and blah blah blah. Sometimes it's faster to
do it yourself.

Paul



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:59:50 EDT